Password security best practices
How do I create and manage secure passwords in the age of AI hacking?
Project plan

Why: AI-driven cracking tools such as PassGAN can break short, complex passwords in seconds because they learn the patterns humans follow when choosing passwords, but they struggle against length and true randomness.
How:
- Select 4 to 5 completely random, unrelated words (e.g. 'Correct-Battery-Staple-Horse'; that well-known example shows the pattern but must never be used as an actual passphrase).
- Avoid famous quotes, song lyrics, or personal details that AI can scrape from social media.
- Aim for 20 or more characters to maximize entropy.
Done when: You have a unique, unguessable passphrase memorized for your primary vault.
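To make the entropy reasoning in this step concrete, here is an added example (not part of the original guide) that generates a word passphrase with the OS CSPRNG and compares its entropy with that of a manager-generated random string; the 16-word sample list is constructed so the code runs offline, and the 7,776-word list size is assumed, matching the published EFF long wordlist.

```python
import math
import secrets

# Constructed 16-word sample list so the example runs offline. A real
# generator must draw from a large published list (e.g. EFF's 7,776-word
# long list) so that each word contributes ~12.9 bits of entropy.
SAMPLE_WORDS = [
    "correct", "battery", "staple", "horse", "granite", "marble",
    "pillow", "wander", "orbit", "lantern", "meadow", "copper",
    "falcon", "timber", "velvet", "harbor",
]
EFF_LONG_LIST_SIZE = 7776  # assumed size of a diceware-style word list


def passphrase_entropy_bits(word_count, wordlist_size):
    """Entropy of word_count words picked uniformly and independently from
    a list of wordlist_size words: log2(wordlist_size ** word_count).
    Only random selection earns these bits; a quote or lyric earns none."""
    return word_count * math.log2(wordlist_size)


def random_string_entropy_bits(length, alphabet_size=94):
    """Entropy of a generated string of `length` printable ASCII characters
    (94 symbols), the kind a password manager produces for each site."""
    return length * math.log2(alphabet_size)


def generate_passphrase(words, word_count=4, sep="-"):
    """Join word_count words chosen with secrets.choice (OS CSPRNG).
    random.choice is seeded predictably and must not be used for secrets."""
    return sep.join(secrets.choice(words) for _ in range(word_count))


def meets_guidance(phrase, min_words=4, min_chars=20, sep="-"):
    """Check the step's two targets: 4+ random words and 20+ characters."""
    return len(phrase.split(sep)) >= min_words and len(phrase) >= min_chars


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDS, 5)
    print(phrase, meets_guidance(phrase))
    # Four words from a 7,776-word list: ~51.7 bits; five words: ~64.6 bits.
    for n in (4, 5):
        bits = passphrase_entropy_bits(n, EFF_LONG_LIST_SIZE)
        print(n, "words:", round(bits, 1), "bits")
    # A manager-generated 30-character string: ~196.6 bits.
    print("30 random chars:", round(random_string_entropy_bits(30), 1), "bits")
```

The numbers show why the guide pairs a memorable 4-to-5-word passphrase for the vault with long generated strings for everything else: the words buy enough entropy to resist pattern-based guessing, the generated strings buy far more and need no memorizing.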

Why: Human memory is the weakest link; a manager lets you use a unique, 30+ character password for every site without having to remember any of them.
How:
- Download a reputable open-source manager (e.g. the community-driven Bitwarden or the local-first KeePassXC).
- Confirm the vault uses end-to-end ('zero-knowledge') encryption, so it is only ever decrypted on your own devices with your master passphrase.
- Install the browser extension and mobile app for seamless cross-device synchronization.
Done when: The password manager is installed and secured with your new master passphrase.

Why: SMS-based 2FA is vulnerable to SIM swapping; Time-based One-Time Passwords (TOTP) are generated offline on your device as a rotating code, so there is nothing for an attacker to intercept remotely. (A TOTP code can still be phished by a fake login page that relays it in real time, which is the gap the passkey step closes.)
How:
- Install a privacy-focused authenticator app (e.g. Aegis for Android or Ente Auth for cross-platform use).
- Ensure the app itself is locked with biometrics or a PIN.
- For high-value accounts, do not store the password and the TOTP seed in the same password manager, so that one compromised vault does not yield both factors (separation of concerns).
Done when: The authenticator app is ready to scan QR codes for two-factor setup.

Why: AI-assisted attackers use 'credential stuffing': taking passwords from old leaks and trying them on other sites automatically, at scale.
How:
- Visit a trusted breach check service (e.g. 'Have I Been Pwned').
- Enter your primary email addresses to see which breached services they appeared in.
- Prioritize changing passwords for any service listed as 'Pwned'.
Done when: You have a list of accounts that require immediate password updates.

Why: Passkeys use WebAuthn public-key cryptography: the private key never leaves your device and each login signature is bound to the genuine site's origin, so a phishing page or AI-generated fake login page has no 'password' to steal and nothing reusable to capture.
How:
- Go to the security settings of your Google, Microsoft, or Apple account.
- Select 'Create a passkey'.
- Follow the prompts to bind it to your device's biometrics (Face ID / fingerprint) or to a hardware security key.
Done when: Your most critical accounts are accessible via passkey without a traditional password.

Why: Unique passwords stop a single breach from cascading into a total identity takeover.
How:
- Start with your email, banking, and government accounts.
- Use your password manager's generator to create 30+ character strings (symbols, numbers, upper and lower case).
- Replace old, reused passwords with these newly generated ones.
Done when: Your top 5 most important accounts have unique, high-entropy passwords stored in your manager.

Why: If you lose your phone or forget your master passphrase, recovery codes are the only way to avoid permanent lockout.
How:
- For every account where you enabled 2FA or passkeys, generate 'backup codes' or 'recovery keys'.
- Print these codes on physical paper.
- Store the paper in a fireproof safe or another secure physical location, NOT on your computer or in cloud storage; each code bypasses your second factor, so treat it as a secret.
Done when: You have a physical backup of recovery codes for your critical digital identity.

Why: AI can link your identity across platforms through your primary email address; aliasing breaks that link and cuts down spam and phishing.
How:
- Use an email aliasing service (e.g. one built into a privacy-focused mail provider, or an open-source relay tool).
- Create a unique alias for every new service you sign up for.
- If an alias starts receiving spam, simply disable it without affecting your main inbox.
Done when: Your primary email address is hidden from public-facing web services.

Why: Security is a process, not a product; new AI-driven attack techniques emerge constantly.
How:
- Set a recurring calendar reminder for every 90 days.
- Check for software updates for your password manager and OS.
- Review your password manager for 'weak' or 'reused' password alerts.
- Delete accounts for services you no longer use to reduce your attack surface.
Done when: A recurring event is set in your calendar with a checklist for the audit.