Where do you hide your passwords?

Why is it always Easter at Identeco? And what do Easter eggs and passwords have in common? Sure: both Easter eggs and passwords are hidden - and found! But where do you hide your passwords?

Reading time:
6 min
Where do you hide your passwords?

What does Easter have to do with passwords and why is it always Easter at Identeco? Good questions that we want to answer here.

Hiding passwords

At Easter, it is a well-known custom to hide colored eggs, sweets and small gifts for children and adults who are young at heart and have them search for them on Easter morning. The main focus is on finding: eggs are hidden to be found.

Unless it happens to be Easter, you usually hide anything you don’t want to be found, such as diaries, keys, letters, and, of course, passwords. Passwords are still the most common way to authenticate yourself on the Internet, and should therefore be handled and hidden with some care. But where are passwords hidden?

The Post-it: Probably the oldest password manager in the world

A not so good, but probably still quite widespread way of “hiding” passwords, or rather managing them, are the famous post-its. The password is set, written on a post-it or notepad and distributed somewhere in the study or under the keyboard and often stuck directly to the monitor. Depending on who comes in and out of your home, this may still be okay in a private context.

However, you should also make sure that the notes are not visible through the window. In a business context and if you use this “procedure” in the office, it is certainly not recommended for many good reasons, first and foremost because it is very difficult to control who is leaving and entering.

The picture shows a post hit with "Passwort123!" written on it.

The note in the Bible: In the beginning was the password

Many users also like to hide slips of paper with passwords on certain pages in certain books, such as the Bible. Perhaps it was also adapted to the time of year in John 20, i.e., the resurrection of Jesus.

Basically, the book method is not that bad and reduces the probability of the passwords actually being found compared to the post-it method. In addition, this method already demonstrates a certain level of security awareness, as passwords were obviously chosen to be so complicated that they are not particularly easy to remember and are seriously hidden.

The picture shows a post-it in the bible with a password written on in.

The paper notebook: Erything in one place

Another way to hide passwords is the famous notebook! Compared to the Bible method, however, there is a greater risk of losing the notebook, which you sometimes carry around with you. And if the notebook then contains more than one password, the passwords to several accounts are gone and, even worse, known to criminals. Nevertheless, entering passwords in notebooks also demonstrates a certain level of security awareness.

The picture shows a page of a notebook with a list of three passwords.

The secure notebook: The password manager

A password manager is of course the best way to manage passwords. As the name suggests, password managers are programs that allow passwords to be stored and managed securely. Simple password managers are usually already known locally from your internet browser, which usually allow you to save passwords on the device you are using. However, such password managers are usually not particularly secure and are not protected by a master password by default. Local password managers also have the problem that they cannot be accessed via the internet. In the worst case scenario, password managers can also be hacked. Stealer Malware or spyware, for example, can then be programmed in such a way that local password managers can also be read. This is particularly dangerous because password managers not only store passwords, but also the associated email addresses and the services you have registered for.

There are now also online solutions for password managers that work without the need to constantly enter a master password and allow passwords to be managed externally. Our partner heylogin, for example, offers a password manager that can be accessed from anywhere without a master password.

The image shows an example of a password manager.

Search for passwords: Find passwords

Anything that is hidden is obviously worth finding. Accordingly, passwords are also a popular search target, around which an entire ecosystem has formed.

How passwords are found

Passwords are found with the help of steal malware, phishing, spyware or shoulder surfing. Once the passwords have been found for the first time, they are also exchanged on hidden channels and distributed further. All kinds of passwords can be searched for and found in these locations, known as the dark or deep web: Passwords from professional contexts, privately used passwords, and passwords for all kinds of accounts. Once a password has been found, you can, of course, do a lot of nonsense with it, such as identity theft through an account takeover. We have already reported on the consequences of account takeovers here.

Easter every day: How we search for passwords

At Identeco, it’s actually always Easter, because one of our main activities is searching for and finding passwords. To do this, we have agents in the dark corners of the Internet, i.e., where the criminals hang out, exchanging passwords. We eagerly read these passwords and write them into our database.

What else do we find

Of course, we don’t just find passwords. Our focus is actually on complete login data, such as pairs of email addresses and passwords, which we process in compliance with data protection regulations and make available to our customers and partners for comparison with their own login data. And we’re pretty good at it! In fact, we find around 300 million new login details every month to populate our database. This makes us one of the largest and fastest-growing leak databases in the world.

Conclusion

Hiding is not only done at Easter: secret things, such as passwords, should always be hidden - but can also be found. Criminals use sophisticated methods to find passwords and use them to take over accounts. On the other hand, we search for and find these passwords, where these criminals exchange them and enter them into our database in compliance with data protection regulations.

Account protection with Identeco

Identeco is fully committed to the data protection-compliant protection of accounts against takeovers using leaked log-in data. We search for and find passwords and log-in data - and not just at Easter!We process this data in compliance with data protection regulations and make it available to our partners and customers for comparison with their own data.If you would like to know more about us, please send us an email or choose an appointment.

Contact an Expert

Do you have any further questions or need specific help? Write us a message or arrange a meeting directly.

Contact Book a meeting

Show more

  1. Protection against identity theft through the extension of PHP with Argon2d

Get to the blog