This makes things easy for cybercriminals: Most passwords in Germany are still much too easy to crack. What’s more, the data millions of hacked accounts is circulating on the Internet, functioning as multiple-use keys.
While password leaks are becoming more and more extensive, users remain as unsuspecting as ever: If you ignore the pure number combinations, 'hallo', 'passwort' and 'hallo123' are the most-used passwords in Germany. Otherwise, '123456' remains the world leader. For its ranking, the Hasso Plattner Institute (HPI) has analyzed and evaluated 31 data leaks that are freely available online, as well as one billion user accounts. HPI Director Prof. Christoph Meinel strongly recommends that you do not use the same password for several accounts, computer generate them wherever possible and change them on a regular basis. The HPI Identity Leak Checker can be used to find out whether your email address has already been compromised and if so, to what extent.
Equally dangerous are targeted phishing attacks on privileged account holders and access to clouds which cannot be managed using central password software. In order to prevent identity theft, companies are increasingly reliant upon intelligent IAM (Identity and Access Management) with password managers, which also take context data such as the time and location of access into account during login. Likewise, decentralized solutions for key storage are currently emerging in reaction to spectacular database hacks. These distribute password verification across several servers, or realize entire identity management via the blockchain.