07 June 2019Technology & Security

How do you create a strong and secure password?

Passwords are a series of characters (numbers, letters or special characters) that allow you to authenticate yourself when accessing a place or service. In fact, they’re quite like the key you use every day to lock and unlock your front door. And this is why, as explained by a security engineer at N26, “like your house key, passwords must be unique so that no one can guess them and access your mailbox, Spotify or bank account.”

Yet, how do you make sure you create a strong password, and how do you then remember it? This article will introduce you to a few different methods that should help you choose passwords and PIN codes that are adequately secure.

The importance of a secure password

Cybercrime is a real problem these days – one that’s faced by every individual and company. And while hackers rarely try to guess a single password to access a user's personal information, they do conduct so-called "dictionary attacks." In particular, these are characterized by their scale and can target thousands, or even hundreds of thousands of users, at the same time. Through advanced automated systems, these criminals attempt to guess user IDs by trying many combinations of commonly-used emails and passwords.

If your password is a simple one, it’s much easier for hackers to find it in a password dictionary. Depending on the platform under attack, they can then authenticate themselves in your place and access sensitive data.

In 2013, this is exactly what happened to Yahoo, when the web services provider fell victim to the largest cyber attack in the history of the Web – in total, more than 3 billion user accounts were affected.

An interesting website that allows you to check if your email address may have been affected by data leaks can be found here.

The different methods used to choose a strong password

Choosing a password is never easy, and judging its strength is often a challenge. Thankfully, there are several techniques that can be employed to create secure and difficult-to-guess passwords. And while many service providers now impose rigid rules to ensure you choose a strong password, there are also other factors to consider:

  • Avoid repetition or number sequences. If your password consists of repetitive elements or a series of numbers, hacker algorithms will find it easier to guess it.
  • Don’t use words or numbers that relate to yourself. It is important to avoid using numbers or words that are directly related to you or your habits – an example being your address, or your date and place of birth. This information is easy for cyber attackers to find, allowing them to use it to explore combinations that make up your password.

An engineer from our security team puts it like this: "Let's take the example of a public Instagram account. Hackers can easily detect the city you live in, or the place where you spend most of your holidays. If you’re often in Marseille, their systems will focus on this city and try to see if your password contains this place. If you’re using Marseille1313, your password can be easily guessed.”

These tips and tricks can also ensure your password is more secure:

  • Avoid series that form a pattern on a keyboard. This is because hackers know that many people tend to choose their passwords based on a keyboard pattern.
  • Choose 4 random words and numbers, or special characters. A technique that improves the security of your password is to choose a random sequence – for example, one consisting of 4 complete words and other characters.
  • Don’t use the same password on different platforms. Hackers know that this is a widespread trend, and it allows them to hack into your accounts much more easily.

Our engineer explains, "the question of how often passwords should be changed is a matter of debate. If it’s complicated enough, it shouldn’t be necessary. But if there’s any doubt about whether a third party has access to your data, it should be changed straight away. If you think that a third party has been able to access your bank account, it’s advisable to block your card and immediately contact your bank's Customer Service Department."

In summary, the longer your password is – and the more randomly chosen words, special characters and numbers it contains – the more secure it should be.

Additionally, it’s important to remember that all the platforms you use should have a strong password. This should not just be restricted to your banking app or personal online accounts.

Remember: The more information a hacker has about you, the more likely they’re to engage in malicious activities such as trying to access your personal details and accounts. For example, if your Amazon account is hacked, those responsible may well use it to make fraudulent orders or make purchases on your behalf.

Is it a good idea to use a password manager and/or generator?

The password generator

You can find many password generators online that randomly provide you with word combination, numbers and special characters to make up a secure password on a turnkey basis. Although these generators can be useful, the passwords they suggest are often impossible to remember.

The password manager

These days, with having to remember so many passwords, how can you avoid clicking on “I forgot my password” every other week? Well, this is where a password manager comes in.

"Password managers are essential. No one should have to remember all of their passwords. The manager asks you to remember only one password that then allows you to access the others, all stored in an encrypted way," explains our security team.

The password used to access the manager is only known to the user, and – if it is sufficiently secure – it means that all of your passwords are safe and you don’t have to remember every single one.

On top of this, password managers usually offer an integrated password generator that will suggest a secure combination as soon as you need to create one. If you choose to use the one provided, it will then be saved by your password manager.

How to choose a secure PIN code

Like passwords, PIN codes are used to authenticate you. They are composed of numbers and are used for bank cards, SIM cards or smart cards.

In order to choose the most secure PIN code, it’s important to choose numbers at random, avoiding repetition or personal information such as your date of birth or postal code... or any other number relating to you and your habits.

N26 automatically detects if your PIN code is not secure enough. If the one you choose doesn’t comply with the defined security measures, it will ask you to enter a new one. Since you can customize your PIN code and reset it whenever you want via the app, feel free to choose a PIN code that seems complicated. Even if you forget it, you can always change it.

To ensure the security and confidentiality of your personal data and information, we encourage you to use secure passwords and PIN codes on all of your platforms and services. And if you think your current credentials might be guessed by someone else, or if memorizing all of your passwords seems like an impossible feat, don’t forget – there’s always the password manager.

Back to Blog