IT security at the University of Bern

Strong Password: Protect yourself and your data

Many internet users think that it will never happen to them. But what if it does? What if the password you use to access an online store is stolen and happens to be the same as the password you use to access your Facebook or email account? As a result, cybercriminals are free to log in, place orders at your expense, take out contracts, send messages in your name, change your profiles, and more.

Strong passwords...

  • ...contain 12 characters or more;
  • ...include upper- and lower-case letters, numbers, and special characters;
  • ...are strings of characters that are not found in any dictionary;
  • ...do not contain names or other identifying information about you or your family;
  • ...are unique and different for each account.

How thieves steal your passwords

Cybercriminals use data breaches at large online companies to steal millions of usernames and passwords all the time. Researchers estimate that billions of user accounts have been affected over the years. Therefore, it is important to use a different password for each account.

"Hello!", "123456", "password1", and "asdfgh1" are among the most common passwords in Switzerland. This makes it particularly easy for hackers to crack your passwords by using automatic programs that test thousands of dictionary entries combined with number combinations in a matter of seconds. After data breaches, weak passwords are among the top causes of network security breaches.

Cybercriminals also steal your login data through phishing (email manipulation).
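The criteria listed under "Strong passwords..." and the dictionary-plus-numbers guessing described above can be written as a simple check. This is an added example, not code from the University of Bern; the word list is a small constructed sample, and the function name and its `personal` and `used_elsewhere` parameters are assumptions.

```python
import re

# The four common passwords quoted on this page (lower-cased).
COMMON = {"hello!", "123456", "password1", "asdfgh1"}
# Constructed mini word list; a real check would load a full dictionary.
DICTIONARY = {"password", "hello", "welcome", "summer", "dragon"}

def check_password(pw, personal=(), used_elsewhere=()):
    """Return the criteria from the list above that pw fails ([] = none).

    personal and used_elsewhere are hypothetical inputs: identifying words
    about the user, and passwords the user already has on other accounts.
    """
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    classes = [
        ("upper-case letter", str.isupper),
        ("lower-case letter", str.islower),
        ("number", str.isdigit),
        ("special character", lambda c: not c.isalnum()),
    ]
    for name, has in classes:
        if not any(has(c) for c in pw):
            problems.append(f"no {name}")
    low = pw.lower()
    # Drop digits and symbols at both ends, so "Welcome2024!" becomes "welcome":
    # the word-plus-numbers pattern that automated guessing tries first.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", low)
    if low in COMMON or core in DICTIONARY:
        problems.append("dictionary word or common password")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    if pw in used_elsewhere:
        problems.append("already used for another account")
    return problems

if __name__ == "__main__":
    for sample in ["password1", "Welcome2024!", "Is2Sp,ew1f,gotm",
                   "ThreeLittleBlueHorsesDrinkCoffee"]:
        print(f"{sample!r}: {check_password(sample) or 'passes'}")
```

"Welcome2024!" satisfies the length and character-class rules yet is still flagged, which is why the dictionary criterion is listed separately from the composition rules.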

Use a password manager

How can I remember so many different passwords? A password manager helps you out!

You are advised to use a different password for every service. However, given the vast amount of online services available today, remembering all your passwords without writing them down is nigh on impossible. Keep your passwords in a safe place, not on a piece of paper next to your PC, in your calendar, or in a booklet. The same applies to computers and smartphones: Do not create unprotected password files.

Use a password manager instead. Password managers are easy-to-use applications that help you manage your passwords automatically by creating, storing, and encrypting them.

Based on my own experience, I (Stefan Zahnd) recommend the password manager from Bitwarden. The free version offers all necessary functions up to the synchronization of the database on multiple devices and the sharing of passwords with other people (who must also use Bitwarden). For an extra USD 10 per year, you get the premium version.

More password managers include:

The data protection officer of the Canton of Zurich assessed the most popular password managers.

A mnemonic to remember your master password

If you use a password manager, you must choose a "master password" to start the software and display your stored passwords. This password should be particularly strong. Choose a long and complex password containing upper- and lower-case letters, numbers, and special characters.

But how do you choose and remember a long and complex string of characters? Here are two options:

Take a couple of lines of your favorite song and turn them into a password:

Workin' 9 to 5, what a way to make a livin' / Barely gettin' by, it's all takin' and no givin'

= W925,wawtmalBgbisatang

Think of a long, easy-to-remember sentence, for example:

I saw two Shetland ponies, each with one foal, grazing on the mountainside.

= Is2Sp,ew1f,gotm

Think of a phrase that keeps coming to mind and string the words right together:

Three little blue horses drink coffee

= ThreeLittleBlueHorsesDrinkCoffee (34 characters, letters only)

Protect yourself with a second means of authentication

Many online service providers supplement the normal login password with a second means of identification. We recommend setting up a second factor wherever possible, especially for important accounts such as email, social media, bank accounts, health insurance, or other types of insurance. Learn more about two-factor authentication.