Myth: “A-Trust knows all signature passwords - and can change them.”

A common misconception is: “A-Trust knows all signature passwords and can change them.” Nothing could be further from the truth. For security reasons, nobody at A-Trust, not even our service team, has access to your signature password. And that's a good thing, since the protection of your digital identity lies in your hands.

The art of a secure password

In the digital world, your password is the key to your most sensitive data. Unfortunately, simple and insecure passwords are still one of the most common causes of cyberattacks. Short combinations such as ‘123456’ or personal data like birthdays are like open doors for hackers.

So how do you create a secure password?

  • Long is safe: It should be at least 12 characters.
  • Creativity beats routine: A combination of upper and lower case letters, numbers and special characters is ideal. If there are fewer different character types, the password must be correspondingly longer (e.g. at least 25 characters for two character types).
  • Unique for every account: Never use the same password for different accounts. If one account is hacked, others remain protected.
  • Password manager as a helper: Tools such as 1Password or Bitwarden not only store passwords securely, but also generate complex passwords.

Additional security measures

A password alone does not offer complete protection, which is why adding two-factor authentication (2FA) or multi-factor authentication (MFA) is a crucial step. These functions supplement your password with one or more additional security factors. This can be a one-time code sent to your smartphone via app or SMS, biometric data such as fingerprint or facial recognition, or a FIDO token - a physical device that guarantees secure access. This combination ensures that your digital access remains secure even if your passwords are hacked.

A good example is ID Austria: the user name and password are used as the first factor, supplemented by a device PIN, biometrics or FIDO token as the second factor - ensuring maximum security.

Phishing - the human factor

In addition to technical measures, the human factor is particularly important. One of the biggest threats is phishing, where fraudsters try to obtain your access data through fake emails or websites. Typical phishing emails ask you to ‘verify your account’ or click on a link that leads to a fake website.

Tips to avoid this:

  • Never share your passwords with others.
  • Never click on suspicious links or attachments.
  • Check the sender's address carefully.
  • Only enter sensitive data on trustworthy sites.
  • Protect your screens from prying eyes even when you are away from home.

Conclusion

Password security is not rocket science: if you follow these steps (strong, unique passwords, a password manager and additional protective measures such as 2FA or MFA), your data will remain secure. Also, stay vigilant against phishing attacks to protect your digital identity.

Remember: security starts with you!