One in four people deliberately use simple passwords - so that they can remember them

Whether "secret", "123456" or the child's name and birthday - many people are still careless with passwords, even though they make it easy for cyber criminals to gain access to social media services, online shopping or banking and health data, for example.

Around a quarter (23%) of internet users often deliberately use simple passwords so that they can remember them easily. A third (33%) use the same password for different services. These are the results of a survey of 1,021 internet users in Germany aged 16 and over conducted on behalf of the digital association Bitkom.

"The Change Your Password Day on February 1 is a good opportunity to get an overview of your own passwords and say goodbye to simple or reused ones and replace them," says Bitkom security expert Felix Kuhlenkamp. "But if you choose good passwords and combine them with two-factor authentication wherever possible or use passkeys straight away, you no longer need an annual reminder day to change your passwords. This is only necessary if there are indications of data leaks."

To mark Change Your Password Day on February 1, Bitkom is giving five tips for secure access: 

• No simple passwords: Passwords should not consist of an easy-to-guess personal term, such as the name of a child or partner, or a single word found in a dictionary. Instead, a combination of different words or syllables, possibly with unusual upper and lower case letters, is a good idea. The longer the password, the more difficult it is to crack. Special characters can be used especially if you save your passwords in a password manager anyway.
• No duplicate passwords: You should use a unique password for each online service. This reduces the risk of cyber criminals gaining access to multiple accounts in the event of a data leak if they use stolen access data in different places. It is particularly important to use complex and unique passwords for central online services such as your email provider, but also for services where account data is stored, such as online shopping.
• No slips of paper and simple text files: Nobody can remember dozens of access data. However, writing down passwords and leaving them on the office desk is just as bad an idea as storing password lists in a simple text file on the computer. Instead, password managers are a good idea. These are programs for the PC or as an app for the smartphone, in which access data can be stored securely encrypted. The advantage: you only need to remember a password - preferably a good one - for the password manager or you can also "unlock" it on your smartphone using your fingerprint, for example.
• Better safe than sorry: Wherever possible, two-factor authentication should be set up, as even the strongest password can be cracked. With two-factor authentication, the user name and password alone are not enough to gain access; you also have to read a numerical code from a special app on your smartphone and enter it. This means that attackers not only have to obtain the password, but also need access to the smartphone, which increases security. Sometimes the second factor - i.e. the numerical code - is also sent by text message or other short message or by email.
• Even more security - without a password: Passkeys are a modern and particularly secure alternative to the classic password. Instead of entering the password as before, a passkey generates a key pair when you first register, where one part (the private key) remains securely on the device and the other (the public key) is transmitted to the online service. The advantage of this is that the private key - which, like the password in the past, is your identity card - never has to be transferred and therefore cannot be easily stolen and misused. The keys themselves are a long string of numbers that the user does not even need to know; instead, fingerprints, facial recognition or a PIN are conveniently used for identification on the user's own device.

Source: Bitkom