Dictionary attacks and brute force: Clever password protection

Darmstadt - Hackers are always refining their methods of sniffing out other people's passwords. That's why experts advise that you always select tough-to-crack passwords. That means using different passwords for different web sites. Luckily, special programs are available to help you remember them all.

"There are two prime ways to steal users' passwords," explains Ruben Wolf from the Fraunhofer Institute for Secure Information Technology (SIT) in Darmstadt, Germany.

"Either the hacker tricks the user into revealing the password or the hackers test out various possibilities until they stumble upon the right one," says Daniel Bachfeld of the Hanover-based c't magazine. The first option is the current favourite among cyber criminals, he said.

Tricking the user into revealing the password is known as phishing. Phishers typically use forged e-mail messages to create the impression that the recipient is receiving correspondence from a trusted source - such as the user's bank. Clicking on a link embedded in the message leads to a counterfeit web site, at which point the user is then asked to enter personal data.

One glance at the browser's address bar is often enough to show when a site is bogus. Most sites that require the input of sensitive data are also SSL encrypted. Such secure sites are denoted with a lock symbol in the browser's status bar.

"Banks will never request personal data via e-mail," Bachfeld says.

Another increasingly popular attack method is trojans, says Guenther Ennen from the German Federal Agency for Security in Information Technology (BSI) in Bonn. Trojans are malicious programs that hide themselves on your PC, record your passwords, and then send them to the hacker.

"A trojan can get planted on your computer if you click on an e-mail attachment. It's also possible for trojans to infiltrate your machine by simply visiting certain web sites," he says.

"You can prevent trojans by installing a virus scanner and always keeping the rest of your software updated," Bachfeld says. That applies not just to internet browsers, but also to other programs like Flash players.

Hackers also use software to test potential passwords until they hit upon the right one. The best way to beat the brute force method, as it is known, is to select complicated passwords, Wolf says.

"Your wife's birthday, the name of your dog, or even your own phone number won't cut it," says Wolf.

Instead, Wolf suggests a combination of capital and small letters, numbers, and special characters as passwords. Yet not all special characters are allowed in passwords, Ennen notes. "Nor should passwords include umlauts or other diacriticals, since you can't enter them in easily on foreign keyboards if you're on vacation," he adds.

A moderately secure password has at least eight characters, says Wolf. High security passwords have no fewer than 12. Under no circumstances should identical passwords be used for multiple sites.
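The rules given above (a mix of capital and small letters, digits and special characters; no umlauts or other non-ASCII characters; nothing taken from a dictionary, a birthday or a phone number; at least 8 characters for moderate and 12 for high security) can be turned into a small password checker. The code below is an added example written for this article, not a tool from Fraunhofer SIT, c't or the BSI; the word list and the personal terms it checks against are constructed stand-ins, and the entropy figure it reports assumes an attacker who knows which character classes were used and must try every combination.

```python
import math
import re
import string

# Constructed stand-in for a real wordlist; a dictionary attack would use
# millions of entries, this example only needs a handful to show the check.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "sunshine", "monkey", "dragon"}

# The four character classes the article recommends combining.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def classes_used(pw):
    """Names of the character classes that actually occur in pw."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}


def search_space_bits(pw):
    """log2 of the number of candidates an attacker must try if they know
    the length and the character classes used (alphabet ** length)."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(pw))
    if alphabet == 0:
        return 0.0
    return len(pw) * math.log2(alphabet)


def assess(pw, personal_terms=()):
    """Rate a candidate password against the article's rules.

    Returns (rating, reasons): rating is 'reject', 'moderate' (8+ chars)
    or 'high' (12+ chars); reasons lists every rule that was violated.
    personal_terms are strings such as a pet's name or a phone number
    that must not appear in the password (supplied by the caller).
    """
    reasons = []

    # Umlauts and other diacriticals cannot be typed on many foreign keyboards.
    if any(ord(c) < 32 or ord(c) > 126 for c in pw):
        reasons.append("contains non-ASCII or control characters")

    # Dictionary words fall to a dictionary attack almost immediately.
    if pw.lower() in COMMON_WORDS:
        reasons.append("is a dictionary word")

    # Birthdays and phone numbers are digit strings with optional separators.
    if re.fullmatch(r"[\d .\-/]+", pw):
        reasons.append("consists only of digits (looks like a date or phone number)")

    lowered = pw.lower()
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            reasons.append(f"contains personal term '{term}'")

    if len(classes_used(pw)) < 4:
        reasons.append("does not mix upper case, lower case, digits and special characters")

    if len(pw) < 8:
        reasons.append("shorter than 8 characters")

    if reasons:
        return "reject", reasons
    return ("high" if len(pw) >= 12 else "moderate"), reasons


if __name__ == "__main__":
    # Constructed candidates; 'Rex' plays the role of the dog's name.
    personal = ["Rex", "0151234567"]
    for candidate in ["Rex", "12.04.1985", "Müller2024!", "Rex2015!x",
                      "Tr0ub4d&", "Tr0ub4dor&3x"]:
        rating, why = assess(candidate, personal)
        print(f"{candidate!r}: {rating} ({search_space_bits(candidate):.1f} bits)",
              "; ".join(why))
```

Note that the bit count is an upper bound: it measures the size of the search space, not how likely a password is to be guessed early. A password that passes every rule can still be weak if it is a lightly modified dictionary word, which is why real checkers run candidates against large wordlists and common substitution patterns rather than the seven words used here.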

Users who heed these warnings end up with a thick catalogue of passwords, making it hard to keep track of them all. There are both hardware and software solutions to help administer passwords, however, including the award-winning RoboForm (http://www.roboform.com), available over the internet. (dpa)
