Both your computer and mobile phone, as well as various online services, require you to set a password. Poorly chosen or insufficiently long passwords pose a considerable security risk. Protect your devices and online login from unauthorised access, just as you lock the door when you leave your house or flat.
Do not reuse passwords
Use a different password for each individual online service.
Where possible, activate two-factor authentication
Protect access to your internet services with two-factor authentication (one-time password, text message token, etc.) whenever available
Minimum length of 12 characters
Passwords should be at least 12 characters long and contain lower and upper case letters, numbers and special characters.
Change your password
Authorities should ensure that impersonal passwords should be changed when employees are leaving. Optionally we recommend to define cycles for changing passwords.
Password manager
These programs manage a user's different passwords. Access is protected by a master password. This password must be very strong: if it is stolen, unauthorised third parties will gain access to all passwords stored in the password manager.
Do not let anyone look over your shoulder
If you use notebooks and mobile devices in public areas, use a privacy screen. You can purchase protective films from specialist retailers. Lock the screen whenever you are not actively using the device. Never leave devices unattended in public areas; instead, carry them with you.
Caution when entering your password
Never enter a password on a page that you have opened via a link. Always enter the address (URL) for the relevant online service manually in the address bar of your browser.
Never give out your password
Financial institutions, telecommunications and other service providers will never contact you via email or telephone to ask you to change your password.