Periodically changing passwords no longer adds security to your online accounts. A complex password that is used on only one platform can keep an online account secure for several years.
In its fundamental IT security brochures, the Federal Office for Information Security in Germany removed the recommendation to update passwords. Users must still change their passwords once unauthorized persons gain access to the system or when doubts about its safety arise. Passwords preset on electronic services and various devices should be modified periodically.
Having to change passwords regularly is likely to annoy users, who eventually resort to simple, weak passwords or even reuse the same password for different accounts and electronic services. Reuse is very dangerous: in the worst case, a password leaked or hacked at one service can lead to all of the user's accounts on the Internet being hacked. This must not happen with the email account, which often plays a major role in resetting passwords for many other electronic services.
According to the Federal Office for Information Security, users need to set passwords that are difficult to guess but remain simple enough to remember for routine use.
Mnemonic sentence
Building a password from the initial letters of a sentence is an effective way to remember passwords that include numbers and special characters. The Federal Office for Information Security also recommends what it calls the password sheet strategy, in which the first characters of all passwords are letters the user has memorized.
Each electronic account gets its own individual password portion, which is written on the password sheet. The password sheet holds no value to unauthorized parties, because the entries it gives them are useless without the memorized part.
Password Manager
Password managers are easier to rely on, which makes them the better method for this purpose. They generate, store and manage complex passwords. People use them to synchronize their passwords across mobile devices, laptops and different operating systems. Such programs use a strong, different password for each service and electronic account. The Bitwarden password manager is available free of charge.
Two-factor authentication
Security experts from the Federal Office for Information Security advise enabling two-factor authentication (2FA), because passwords can be exposed through different security breaches including phishing, hacking and data leaks. With 2FA, the user has to provide a separate verification code in addition to the username and password when accessing an account. Even if intruders successfully steal or discover a password, they cannot complete the sign-in process and access the online account.
Apple iPhones can generate login codes out of the box, while Android users need to install an app such as Aegis or a similar one-time password application to create login codes.
Users should regularly check whether their access information, including email addresses and passwords, has been compromised through hacking or leaks, because a compromised password must be changed immediately. Users can easily query databases such as “Have I been pwned?” or “Identity Leak Checker” to perform these checks.
Passkeys
Passkey technology will allow users to authenticate themselves without passwords in the future, although not every platform offers this feature yet.
The Federal Office for Information Security recommends passkeys because the technology outperforms passwords in various aspects.
Passkeys are offered as a separate login method that users can select, while most websites still use the traditional combination of password and two-step authentication.
Passkey technology provides passwordless login using keys based on public key encryption. The user keeps the private key safe, while the company offering the service holds the corresponding public key.
The user unlocks the private key for a service provider with a fingerprint, a facial scan or a personal identification number (PIN). This action enables access to the online account.
Password management systems offer an easy way for users to encrypt and synchronize their passwords between multiple devices.
Password managers already implement passkey technology or will do so soon, which allows users to easily replace traditional security measures.