No Surprises: Worst Passwords of 2014

January 21, 2015 at 11:25 pm (1Password, Applications, Productivity, security)

Yesterday, SplashData announced its annual list of the 25 worst (read: most common) passwords on the internet. The list is compiled from over 3.3 million leaked passwords. Having worked at an Apple store for five years, I was not surprised by the greatest offenders. During those first few months at Apple, I was constantly amazed at the number of customers who used many of these top passwords. Not surprisingly, many of these folks were hacked. The most common offenders were (are you ready for it?) “123456”, “password”, and “qwerty”.

Other commonly used passwords that are easily guessed by hackers, or by someone you know who might like to get into your account for nefarious purposes, include names (yours, your significant other’s, your favorite pet’s), favorite sports (baseball, football, golfer), favorite sports teams (yankees, steelers, rangers), and favorite superheroes (superman, batman). Hackers commonly use a “dictionary crack”, which takes only a short time to run. If you use a word or words from the dictionary with no numbers or symbols to break them up, your password can be easily guessed by the program.

Because of so much publicity surrounding data breaches this past year (Target, Home Depot, and many others), people are finally starting to pay attention and use slightly stronger passwords. However, simply substituting numbers for some letters (3 for E, 4 for A, etc.) is really not enough anymore. While “P4ssw0rd” is better than “password”, it is still easily guessed. It would be better to use something like “P4$$w)rd”, which is still “password”, but with substitution of numbers and symbols.

Another big risk that people take is using the same password for all their sites. If your login information was accessed during a data breach, all the hacker needs to do at that point is start trying that login information at the common banks. If you reuse passwords (use the same password for your Target account that you use for your Bank of America account), then the hackers have just gotten both your Target account information and your banking information. Now do you see why reusing passwords is a bad idea?
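Returning to the substitution point above, here is an added example (not from the original post) of a signup-time screen a site could run: it undoes common number-for-letter swaps and trailing digits, then checks the result against the common words this post lists. The substitution table beyond 3 for E and 4 for A, the trailing-character set, and the names `reduced_forms` and `screen` are assumptions made for this example.

```python
# Words this post names as common; a real screen would load a far larger list.
COMMON = {
    "123456", "password", "qwerty", "baseball", "football", "golfer",
    "yankees", "steelers", "rangers", "superman", "batman",
}

# Assumed substitution table: the post names 3 for E and 4 for A; the other
# swaps are common ones added for this example.
LEET = str.maketrans({"3": "e", "4": "a", "0": "o", "1": "l",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# Characters people tend to append to a word to satisfy complexity rules.
TRAILING = "0123456789!@#$%^&*?."


def reduced_forms(password):
    """Plain forms this password collapses to once the disguise is undone."""
    lowered = password.lower()
    forms = set()
    for base in (lowered, lowered.rstrip(TRAILING)):
        forms.add(base)                  # as typed, case-folded
        forms.add(base.translate(LEET))  # with substitutions reversed
    return forms


def screen(password, min_length=8):
    """Return reasons to reject; an empty list means this screen accepts it."""
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    hits = reduced_forms(password) & COMMON
    if hits:
        reasons.append("reduces to common password: " + sorted(hits)[0])
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real breach.
    for pw in ("P4ssw0rd", "Sup3rm4n99", "qwerty", "tmQ7#vLz2&xR"):
        print(f"{pw!r}: {screen(pw) or 'accepted'}")
```

A password that passes this screen is only known not to reduce to a word on the list; it says nothing about whether the password has been reused on another site.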


Here are a few tips to make your passwords stronger:
1. Use a combination of upper and lower case letters, numbers, and symbols. Most sites have a minimum length, but it can vary from 4 to 8 characters up to 14 to 18 characters or more.
2. Do not reuse passwords. In other words, don’t use the same login information for multiple sites.
3. Use two-factor authentication when possible. Many sites like Facebook, Twitter, Google, Battle.net, and others are using this method, which is like having a security door in addition to your main door. Each time you log into the account, a code is sent to your phone, and you enter it after your initial credentials. The code changes each time you log in, so a hacker would have to have access to your device at the time of the login attempt in order to get the code.
4. Wait for it. You know it’s coming. Use a password manager such as 1Password for the best possible security. Not only does 1Password store all your login information for every site you visit, but it will also generate strong passwords for you (and you can set criteria, such as length, number of characters and symbols, etc.), and you only have to remember your master password. The app remembers all your other passwords for you. In addition to login information and passwords, it also stores secure notes, attachments, software information (serial numbers and software keys), network information, banking info, and more. It works across platforms, and is always in sync. Best of all, the next time there is news of a data breach somewhere, and everyone is scrambling to change their passwords, you can sit there with a smug grin on your face knowing that you don’t have to worry about it.

Do you have any tips or tricks to add? Do you want to tell us the ‘best worst password’ you’ve used (or heard of)? Let us know in the comments.
