Most of us today have a large number of online accounts. Almost every service requires registration – often even when the service could technically be used without an account. Online shops in particular push users to register so they can analyze purchasing behavior and provide personalized recommendations.
As a result, we all end up managing several dozen accounts. Many people reuse the same login credentials for most services out of convenience. What many don’t realize: most passwords can be guessed surprisingly easily. If you want to check this, compare your password against Wikipedia's list of the 10,000 most common passwords: https://en.wikipedia.org/wiki/Wikipedia:10,000_most_common_passwords
If your password appears there, you can be sure attackers know it too. And this list is only one of many.
Even a strong password does not always protect you. If a provider has been hacked, your password may already be circulating on the dark web. You can check whether any of your accounts have been affected by a known data breach here:
https://haveibeenpwned.com/
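The two checks above can be automated. The following example is added here and is not part of the original article or of the Have I Been Pwned project; it shows how the Pwned Passwords range lookup protects the password being checked: only the first five hex characters of the SHA-1 hash are sent, and the comparison against the returned suffixes happens locally. The small common-password set and the offline stand-in for the service are constructed for the example; the live lookup function uses the real public endpoint and needs network access.

```python
import hashlib
import urllib.request
from typing import Callable, Dict, Tuple

# Constructed sample standing in for a list such as Wikipedia's
# "10,000 most common passwords" (not the real list).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}


def is_common_password(password: str) -> bool:
    """Case-insensitive lookup against a local list of well-known passwords."""
    return password.strip().lower() in COMMON_PASSWORDS


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the service and the 35-char suffix that never leaves the machine."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse the 'SUFFIX:COUNT' lines returned by the range endpoint."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.strip().upper()] = int(count)
    return counts


def fetch_range_live(prefix: str) -> str:
    """Query the public Pwned Passwords range endpoint (network access needed)."""
    url = f"https://api.pwnedpasswords.com/range/{prefix}"
    req = urllib.request.Request(url, headers={"User-Agent": "password-check-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = fetch_range_live) -> int:
    """Return how often the password appears in the breach corpus (0 = not found).
    Only the 5-char hash prefix is sent; the suffix match is done locally."""
    prefix, suffix = sha1_prefix_suffix(password)
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


def _fake_fetch_range(prefix: str) -> str:
    """Constructed offline stand-in for the service: it answers in the real
    format and lists the suffix for "password" with a made-up count."""
    known_prefix, known_suffix = sha1_prefix_suffix("password")
    lines = ["0000A1B2C3D4E5F60718293A4B5C6D7E8F9:3"]  # unrelated entry
    if prefix == known_prefix:
        lines.append(f"{known_suffix}:1234567")       # constructed count
    return "\n".join(lines)


if __name__ == "__main__":
    for candidate in ("password", "correct-horse-battery-staple-7"):
        print(candidate,
              "common" if is_common_password(candidate) else "not in local list",
              "seen", breach_count(candidate, _fake_fetch_range), "times (offline sample)")
```

Swap `_fake_fetch_range` for `fetch_range_live` to query the real service; either way the plaintext password and its full hash stay on your machine.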

Why a Password Manager Is Essential
You need a unique, secure password for every service – long, complex, and never reused. The German Federal Office for Information Security (BSI) provides a good overview of what makes a secure password: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Informationen-und-Empfehlungen/Cyber-Sicherheitsempfehlungen/Accountschutz/Sichere-Passwoerter-erstellen/sichere-passwoerter-erstellen_node.html
But hardly anyone can remember dozens of such passwords. You should memorize a few particularly important ones, such as those for online banking or work-related SSO access. Most accounts, however, are not critical – you can survive a few days without Zalando, but not without online banking.
For all less critical accounts, you should therefore use a password manager. There are excellent open-source solutions that are free of charge. Synchronizing your passwords via cloud services is also easy.
Security Despite Cloud Synchronization
Many people wonder whether it is dangerous to store a password database in the cloud. But the database is encrypted by the password manager itself. KeePass, for example, uses the Advanced Encryption Standard (AES) with 256‑bit keys. Such a key has
115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936
possible combinations. No existing supercomputer could crack that within a realistic timeframe – it would take millions of years.
Quantum computers may pose new risks one day, but by then password managers will long have adopted quantum‑safe encryption methods.
Which Passwords You Should Memorize
Think about which accounts are so important that you want to remember their login credentials. Especially for online banking or work-related access, you may not want to rely on opening your password manager first.

Go through your account list and ask yourself:
- How long can I go without this account?
- What happens if an attacker gains access to my login credentials? Could I live with deleting the account entirely in an emergency?
- Would a public data leak of this account harm me health-wise, socially, or financially?
- Is it worth the mental effort to memorize this password, or do I want to store it additionally in the password manager (possibly locally)?
After this analysis, you should have a list of your critical accounts – ideally fewer than ten. If you have more, or if you fear locking yourself out, a second, purely local password database as a backup may be useful.
How to Create a Strong Password
A strong password is primarily long. For example:
- 10 characters (upper/lowercase + numbers): about 7 months of computation
- 15 characters with the same character set: about 2,000 years of computation
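The figures above, like the "millions of years" for an AES-256 key in the section on cloud synchronization, all depend on how fast an attacker can test candidates. The following example is added here (it is not from the article) and makes that dependency explicit: it computes the size of the search space for a character set and length, the equivalent bits of entropy, and the worst-case time to exhaust it at an assumed guess rate. The rate of 10 billion guesses per second is an assumption chosen for illustration, so the resulting times differ from the article's figures; what stays constant is the ratio between them.

```python
import math
import string
from typing import Dict, List

# Assumed attacker speed for illustration (not from the article). Real speeds
# range from a few guesses per second against an online login form to far more
# than this against a leaked fast hash.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The article's character set: upper/lowercase letters plus digits (62 symbols).
ALPHANUM = string.ascii_letters + string.digits


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of the given length over the alphabet."""
    return alphabet_size ** length


def bits_of_entropy(alphabet_size: int, length: int) -> float:
    """log2 of the keyspace: how many bits a uniformly random choice carries."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to try every candidate at the assumed rate.
    On average an attacker finds the secret after half this time."""
    return space / rate / SECONDS_PER_YEAR


def aes256_keyspace() -> int:
    """A 256-bit key has 2**256 possible values, the number quoted in the article."""
    return 2 ** 256


def strength_table(lengths: List[int], alphabet: str = ALPHANUM) -> List[Dict[str, float]]:
    """Compare several password lengths over the same alphabet."""
    rows = []
    for n in lengths:
        space = keyspace(len(alphabet), n)
        rows.append({
            "length": n,
            "bits": round(bits_of_entropy(len(alphabet), n), 1),
            "years_worst_case": years_to_exhaust(space),
        })
    return rows


if __name__ == "__main__":
    for row in strength_table([8, 10, 12, 15]):
        print(f"{row['length']:>2} chars: {row['bits']:>5} bits, "
              f"{row['years_worst_case']:.3g} years at {GUESSES_PER_SECOND:.0e}/s")
    print(f"AES-256: {bits_of_entropy(2, 256):.0f} bits, "
          f"{years_to_exhaust(aes256_keyspace()):.3g} years")
```

Each extra character over the 62-symbol set multiplies the work by 62, so going from 10 to 15 characters multiplies it by 62^5 regardless of the attacker's hardware; that multiplicative effect is why length matters more than any particular special character.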
Passphrases are ideal for this. They consist of long, easy‑to‑remember phrases – without worrying about grammar. You can add uppercase letters, replace spaces with special characters, or swap parts of the phrase for numbers.
The only important rule: avoid obvious sentences like “My name is XY and I was born in 19XX.” Better are creative constructions such as:
“Meinen4MenAccountBekommstDU.net”
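A passphrase is easier to remember than a random string, but its strength still comes only from the part an attacker cannot predict. The following generator is an added example, not the article's own tool: it draws words with the `secrets` module (suitable for security-sensitive randomness), applies the kinds of transformation the article mentions (capitalization, a separator instead of spaces, a trailing digit), and reports the entropy that actually comes from the random choices. The 32-word list is constructed for the example; a real generator would use a list of several thousand words such as a diceware list.

```python
import math
import secrets
import string
from typing import Callable, Sequence

# Constructed mini wordlist (32 entries = 5 bits per word). Too small for real
# use; it only keeps the example self-contained.
WORDLIST = [
    "anchor", "basket", "candle", "dolphin", "engine", "falcon", "garden", "hammer",
    "island", "jacket", "kettle", "lantern", "marble", "needle", "orbit", "pepper",
    "quartz", "rocket", "saddle", "tunnel", "umbrella", "velvet", "walnut", "xenon",
    "yogurt", "zipper", "bridge", "cactus", "desert", "forest", "glacier", "harbor",
]


def generate_passphrase(n_words: int,
                        wordlist: Sequence[str] = WORDLIST,
                        separator: str = "-",
                        add_digit: bool = True,
                        choice: Callable = secrets.choice) -> str:
    """Build a passphrase from randomly chosen words.

    `choice` is injectable so the function can be tested deterministically;
    in normal use it is secrets.choice, never random.choice."""
    words = [choice(wordlist) for _ in range(n_words)]
    # Capitalizing and joining with a separator are deterministic transformations:
    # they defeat naive lowercase-only guessing but add no entropy on their own.
    phrase = separator.join(w.capitalize() for w in words)
    if add_digit:
        # A randomly chosen digit does add entropy (log2(10) bits), unlike a
        # digit the user always puts in the same place.
        phrase += choice(string.digits)
    return phrase


def passphrase_entropy_bits(n_words: int, wordlist_size: int, add_digit: bool = True) -> float:
    """Entropy of the random choices only; fixed transformations count for nothing."""
    bits = n_words * math.log2(wordlist_size)
    if add_digit:
        bits += math.log2(10)
    return bits


if __name__ == "__main__":
    phrase = generate_passphrase(5)
    print(phrase)
    print(f"{passphrase_entropy_bits(5, len(WORDLIST)):.1f} bits from the random choices")
```

With a 7,776-word diceware list, five words give about 64 bits before any digit, which is why long lists matter more than clever substitutions.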
Use Multi‑Factor Authentication
Enable multi‑factor authentication (MFA) wherever possible – especially for critical accounts. In addition to username and password, you will then need at least one more factor, such as:
- a PIN from an authenticator app
- a fingerprint
- a hardware token
This makes attacks significantly more difficult.
However, keep in mind that MFA is not invulnerable. Attacks like “MFA bombing” or “MFA spamming” rely on users eventually approving a request out of annoyance. Never approve an MFA request unless you are certain you triggered it yourself.
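The "PIN from an authenticator app" is usually a time-based one-time password (TOTP, RFC 6238) derived from a shared secret and the current 30-second time step. The example below is added here and is not from the article; it implements the generator and a verifier in plain Python and is checked against the reference vectors from RFC 6238 (20-byte ASCII secret "12345678901234567890", 6-digit SHA-1 codes). The verifier accepts one step of clock drift and refuses any counter it has already accepted, so a code seen once cannot be reused inside its validity window; the acceptance window and the replay bookkeeping are design choices of this example, not requirements from the article.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# Reference secret from RFC 6238 Appendix B, used only for the demonstration.
RFC6238_SECRET = b"12345678901234567890"


def secret_from_base32(text: str) -> bytes:
    """Authenticator apps exchange the secret as base32 (the QR-code payload)."""
    padded = text.strip().replace(" ", "").upper()
    padded += "=" * (-len(padded) % 8)
    return base64.b32decode(padded)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: Optional[int] = None,
         step: int = 30, digits: int = 6) -> str:
    """TOTP = HOTP over the number of time steps since the Unix epoch."""
    if timestamp is None:
        timestamp = int(time.time())
    return hotp(secret, timestamp // step, digits)


def verify_totp(secret: bytes, code: str, timestamp: int,
                last_counter: int = -1, step: int = 30,
                digits: int = 6, window: int = 1) -> Optional[int]:
    """Return the time-step counter the code matched, or None.

    Counters at or below `last_counter` are refused so an accepted code cannot
    be replayed; the caller stores the returned counter as the new high-water
    mark. `window` allows a little clock drift on either side."""
    now = timestamp // step
    for counter in range(now - window, now + window + 1):
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


if __name__ == "__main__":
    code = totp(RFC6238_SECRET)
    print("current code:", code)
    matched = verify_totp(RFC6238_SECRET, code, int(time.time()))
    print("accepted at counter", matched)
```

The code changes every 30 seconds and is bound to the shared secret, which is why it helps against password reuse and credential leaks; it does not help when the user approves or types a code for a login they did not start, which is the point of the warning about MFA fatigue above.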
Checklist
- Use a unique, long, and complex password for every online service.
- Regularly check whether your passwords are among the most common or have appeared in data breaches.
- Use a password manager to securely store and synchronize all non‑critical passwords.
- Decide for your most critical accounts whether you need an additional local copy of the password database or whether these passwords should remain stored locally only.
- Create strong passphrases that are long, creative, and easy to remember.
- Enable multi‑factor authentication wherever possible for added protection.
- Approve MFA requests only when you are certain you initiated them yourself.