Almost 30 percent use the same password for online services

The cat's name, the child's date of birth, the house number - many Internet users in Germany are comfortable when choosing their passwords. 29 percent use the same password for different online services, even though this poses major security risks. This is the result of a representative survey commissioned by the digital association Bitkom among 1143 people in Germany, including 1034 people who use the Internet.

Yet people in the country are fundamentally aware of the issue of password security. 75 percent of all Internet users make sure to use a mix of letters, numbers and special characters when creating new passwords; that is two percentage points more than in 2020 (73 percent). Changing their password at regular intervals is something 38 percent of users do, a secure password generator or password safe to create or manage their passwords is used by only 18 percent, and only 7 percent said they use passwords of different strengths for different online services.

"Using simple or always the same passwords is negligent. Criminals use digital dictionaries and common password lists, for example, and in this way can guess weak passwords in a few seconds with automated matching. Strong passwords, for example for e-mail accounts that require special protection, are therefore an absolute must," explains Sebastian Artz, Head of Cyber and Information Security at Bitkom. A secure password should be as long as possible and rely on a mix of letters, numbers and special characters. Common input patterns - starting with a word, followed by a number and a special character at the end - are easier to remember, but also easier for criminals to predict and exploit, Artz said.  

"Password safes can make it easier to store different and strong passwords for individual services," he said. With a particularly secure master password or a biometric feature such as a fingerprint, users can then log in anywhere," says Bitkom expert Artz. He also recommends the use of so-called two-factor authentication, in which a login must be confirmed by means of a second factor - such as an SMS code or a phone call. So far, however, only 37 percent in the country make use of this option.

More on this topic can be found here in the Bitkom press release.