Deutsch
EnglishWhere do you hide your passwords?
- Reading time:
- 6 min
What does Easter have to do with passwords and why is it always Easter at Identeco? Good questions that we want to answer here.
Hiding passwords
At Easter, it is a well-known custom to hide colored eggs, sweets and small gifts for children and adults who are young at heart and have them search for them on Easter morning. The main focus is on finding: eggs are hidden to be found.
Unless it happens to be Easter, you usually hide anything you don’t want to be found, such as diaries, keys, letters, and, of course, passwords. Passwords are still the most common way to authenticate yourself on the Internet, and should therefore be handled and hidden with some care. But where are passwords hidden?
The Post-it: Probably the oldest password manager in the world
A not so good, but probably still quite widespread way of “hiding” passwords, or rather managing them, are the famous post-its. The password is set, written on a post-it or notepad and distributed somewhere in the study or under the keyboard and often stuck directly to the monitor. Depending on who comes in and out of your home, this may still be okay in a private context.
However, you should also make sure that the notes are not visible through the window. In a business context and if you use this “procedure” in the office, it is certainly not recommended for many good reasons, first and foremost because it is very difficult to control who is leaving and entering.
The note in the Bible: In the beginning was the password
Many users also like to hide slips of paper with passwords on certain pages in certain books, such as the Bible. Perhaps it was also adapted to the time of year in John 20, i.e., the resurrection of Jesus.
Basically, the book method is not that bad and reduces the probability of the passwords actually being found compared to the post-it method. In addition, this method already demonstrates a certain level of security awareness, as passwords were obviously chosen to be so complicated that they are not particularly easy to remember and are seriously hidden.
The paper notebook: Erything in one place
Another way to hide passwords is the famous notebook! Compared to the Bible method, however, there is a greater risk of losing the notebook, which you sometimes carry around with you. And if the notebook then contains more than one password, the passwords to several accounts are gone and, even worse, known to criminals. Nevertheless, entering passwords in notebooks also demonstrates a certain level of security awareness.
The secure notebook: The password manager
A password manager is of course the best way to manage passwords. As the name suggests, password managers are programs that allow passwords to be stored and managed securely. Simple password managers are usually already known locally from your internet browser, which usually allow you to save passwords on the device you are using. However, such password managers are usually not particularly secure and are not protected by a master password by default. Local password managers also have the problem that they cannot be accessed via the internet. In the worst case scenario, password managers can also be hacked. Stealware or spyware, for example, can then be programmed in such a way that local password managers can also be read. This is particularly dangerous because password managers not only store passwords, but also the associated email addresses and the services you have registered for.
There are now also online solutions for password managers that work without the need to constantly enter a master password and allow passwords to be managed externally. Our partner heylogin, for example, offers a password manager that can be accessed from anywhere without a master password.
Search for passwords: Find passwords
Anything that is hidden is obviously worth finding. Accordingly, passwords are also a popular search target, around which an entire ecosystem has formed.
How passwords are found
Passwords are found with the help of stealware, phishing, spyware or shoulder surfing. Once the passwords have been found for the first time, they are also exchanged on hidden channels and distributed further. All kinds of passwords can be searched for and found in these locations, known as the dark or deep web: Passwords from professional contexts, privately used passwords, and passwords for all kinds of accounts. Once a password has been found, you can, of course, do a lot of nonsense with it, such as identity theft through an account takeover. We have already reported on the consequences of account takeovers here.
Easter every day: How we search for passwords
At Identeco, it’s actually always Easter, because one of our main activities is searching for and finding passwords. To do this, we have agents in the dark corners of the Internet, i.e., where the criminals hang out, exchanging passwords. We eagerly read these passwords and write them into our database.
What else do we find
Of course, we don’t just find passwords. Our focus is actually on complete login data, such as pairs of email addresses and passwords, which we process in compliance with data protection regulations and make available to our customers and partners for comparison with their own login data. And we’re pretty good at it! In fact, we find around 300 million new login details every month to populate our database. This makes us one of the largest and fastest-growing leak databases in the world.
Conclusion
Hiding is not only done at Easter: secret things, such as passwords, should always be hidden - but can also be found. Criminals use sophisticated methods to find passwords and use them to take over accounts. On the other hand, we search for and find these passwords, where these criminals exchange them and enter them into our database in compliance with data protection regulations.
Account protection with Identeco
Identeco is fully committed to the data protection-compliant protection of accounts against takeovers using leaked log-in data. We search for and find passwords and log-in data - and not just at Easter!We process this data in compliance with data protection regulations and make it available to our partners and customers for comparison with their own data.If you would like to know more about us, please send us an email or choose an appointment.
Artikel teilen