Who’s to blame on Thursday the known major data Leak? It is still debated always sharply: How is it to explain that someone, the previous investigator was evidence alone, such a Potpourri of information about politicians and celebrities to collect and into the net. How did the Hacker of information from so many different E-Mail and Social Media Accounts?

During some of the the Affected individual mistakes, because they – or we, Internet users in General – to be carefree in the power to act, comes another aspect: the role of web service providers. You make it easy for your users, sometimes much too easy to fail in terms of IT security, regardless of the current data Leak.

Because of course it is naive, if someone follow such an important Account of how an E-Mail Inbox with simple numbers or “password” as the password. At the same time, the question arises: Why are some providers of these passwords, anyway? Codes that are, undeniably, a security risk?

“Fuck” on space of four

Whether data of the current data-Leaks “password” used as the password is unknown. It is clear, however, that many users make that kind of vulnerable – the evaluations show that the most popular passwords of Germany. 2018 layers according to one of them, “123456”, “12345” and “123456789” front – front “fuck”, “hi” at seven and “password” in ninth place.

Some of the services in again, that such pass words can be selected Gmail and Mailbox.org for example. In the case of the two supposedly most popular E-Mail providers in Germany, GMX and Web.de but you can get away with some silly input: “password” is assumed to be a Test on Wednesday, just like “12345678”. In the case of two providers, you do not need a minimum of eight characters as a password, a further condition is there.

At GMX turns in “password” and “12345678” and even each one of the bars is green, as the inputs would be well-suited as a password. And in the case of Web.de both characteristics lead to words, after all, to yellow traffic lights. It didn’t need more stop signs?

password choice for GMX

GMX and Web.de are just two examples, because the services in Germany are very popular and have been for many years (to the question of whether the penetrated, in the context of the data Leaks politicians and Celebrities in GMX Accounts, GMX, on demand, the company no such cases were “known”).

With the accusation, to allow weak passwords, you need to be looking at other companies. The Pay-TV offer Sky Ticket, for example, is in his access codes to four-digit Pins – and offers no Option to use more than four digits.

Where is the Two-factor authentication?

Also for online banking, some of the users annoyed for years that the Log-in in an Account only with a five – or six-digit code to protect, for example, in the case of Comdirect Bank. The looks, however is not a Problem and put off in the forums, users have long called for a so-called Two-factor authentication for Log-in.

in order for the Option to his Account so that each time you Log-in to the six digits will be in demand, but also according to a Code provided by SMS or App. is meant Only those who have both access code, gets on the end of access – the password alone is not enough. With many providers, even in the case of Social Media Accounts is Two-factor authentication easy to use and set-up (read more here). Others, such as the large Mail-provider T-Online, missing this opportunity.

GMX and Web.de, both of which belong to United Internet, out of here as bad as in the case of the password requirements: Both services do not offer Two-factor authentication – although for such a function again and again is required. On a MIRROR-demand, GMX and Web.de it means that an introduction of Two-factor authentication is planned for the second quarter of 2019.

Problematic requirements for new customers

In a test application with two services two more things on fell on Wednesday, the are no security gaps in the technical sense, but as pitfalls for users without great knowledge of the Internet could turn out to be:

Default secret questions Web.de

Web.de calls from Applicants answering a secret question, just in case that you want to forget the password and the Support access to his Account. A choice of five questions, and you can discourage users from answering any of them to be honest (tips for dealing with safety questions you find here).
Because, one may appreciate the risk, probably could find out quite a lot of people, such as the birth name of your mother is how your favorite movie is or what are the last four digits of your credit card. The latter Information is, even if someone has already captured your Payment information. GMX offers users at least the Option to invent your own secret question – in the case of Web.de this is also, but only later on via the menu “security”.

The second risk relates to GMX, but also in some other providers: those Who want to when registering his phone number, is obliged to specify a second E-Mail address, which helps in case of password forgetfulness, the access to get back. But nowhere is the important note that this address should be at least as well protected as the GMX-Account. After all, who comes in the second address purely, so also in the case of Yahoo, by resetting the second address for the password.

If the user set so it’s just things going wrong, you can bring your Accounts already in danger. Then, an attacker is neither an IT specialist must be an experienced Hacker to into their Accounts to penetrate. This then creates possibly a vengeful Ex-Partner or any student in his spare time.

And what should I do now? Three suggestions for users of GMX and Web.de 1. Consider, if your password for the Mail account is secure: Some GMX or Web.de-and probably created his Account many years ago and his password since then have not changed. Now is a good time to do it. Tips on password selection, you can find here. Also, make sure to use a password you use nowhere else. 2. If you Reset the account, a contact E-Mail address: Check if this Mail account is backed up for you at all still available and as good as possible – preferably by Two-factor authentication. Who has access to the contact address, GMX in this way, namely, your or Web.de password reset. You can think Vice versa also, if your GMX or Web.de account somewhere, as the reset address to use, and whether the clever. 3. Look at what you have specified at the point of “secret question”: really Know what is the answer to the question? You prefer to choose your own question than any of the proposed or take a proposed, but in combination with a fictitious answer that only you would know and remember. Important additional information: If you have your GMX or Web.de-account prior to the age of it but for a long time have not used, is worth it by the way to check whether it exists at all. Both GMX, as well as Web.de reserve, according to their terms and conditions, namely, to assign addresses after twelve months without a Log-in. This must not happen, but can. And in the worst case, someone else has that E-Mail address, some contacts or services cause for your keep, and can thus all sorts of Trouble. Reading tip of The own data secure: how to protect yourself from Hacks

Sam Yoon has many years of experiences in journalism. He has covered such areas as information technology, science, sports and politics. Yoon can be reached at 82-2-6956-6698.