An initiative of APWG and the Swiss Internet Security Alliance (SISA).

Sing your password

A strong password keeps the criminals away from your data.
Make it long, complex and musical.

So hard to remember –
Sing it!


If you want to keep your data (e.g. fotos, documents, private information) safe, a strong password is key.

Strong passwords contain at least 10 characters that consist of numbers, upper and lower cases plus special characters.

In addition, passwords should never be used twice.

Each account deserves its own password: instagram, twitter, ricardo, email and eBanking clearly.

How to choose and remember all those long and complex character strings?

Here are two options:

  • Use a tool to manage your password, like LastPass, Dashlane or KeePass.
  • Take the first line of your favourite song and 'passwordify' it:

    I schänke dir mis Härz, meh han i nid!

    =

    1sdmH,mh1n!

Did you know?

81%
81% of hacking-related breaches leveraged either stolen and/or weak passwords.
2 minutes
It takes 2 min. to crack an all lowercase 5 character password for a computer program.
984 years
It takes about 984 years for a computer program to crack a password with 10 characters containing numbers, additional characters, upper and lower cases.
One for all
All for one
Having stolen one single passwords attackers will try this password for all accounts they find for the same person.
admin
Seeking access to your data, an attacker will try to use the default password of your devices first. Better change it.
Password day
Every first Thursday of May is Password Day! On this day everyone is reminded to use strong passwords and if possible two facto authentication.

Your password has been stolen? Your account has been hacked?


  1. Change your password immediately.
  2. Choose a strong password – Sing it!
  3. Observe the actions on all your online accounts and report suspicious events.

Passwords Icon

Stealing my password – what for?

Passwords give access to information: your contacts, friends, employer, birthday, credit card data, address… up to your entire identity.

Once possessing your password, attackers will try to gain as much information about you as possible – and then sell it to the highest bidder.

Don’t feel special, the most money is made out of password data packages. With the help of programs attackers try all the login data automatically. This takes no time and no effort.

The password is used to access your accounts

  • to steal your money.
  • to use your website, social media or email account to distribute malware or phishing content among your friends.
  • to steal your Identity to make purchases in your name or to use it for a malicious project.

Attackers are not hacking manually one account after another. They don’t have to.

Special programs are designed to try all possible character combinations. An 8 character string of upper and lower cases has 200 billion possible combinations, but it takes only one click and 470 minutes for this program to have calculated and tested all of them.

However, for some passwords it’s worth putting some effort. Passwords for your eBanking or ricardo account are very lucrative. Having them means getting your credit card data.

Common methods are guessing on basis of information found online, observing someone typing in their password or tricking people into revealing their passwords.

Have I been pwned?


Check if you have an account that has been compromised in a data breach on:

https://haveibeenpwned.com/

Have I Been Pwned (HIBP) is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or 'pwned' in a data breach.

Two factors for more security


By now, a lot of online services are offering to log in via 'two factor authentication' (2Fa).

Doing so, your identity is not only verified by your password but also by an additional component, such as e.g. a SMS code, a one time password or your fingerprint.

An example for 2fa in our every day life is using an ATM.

Passwords Icon