We all have a collection of passwords for our many online accounts. With so much personal and financial information stored online, it is important that we take the time to make sure our accounts can’t be easily infiltrated due to mediocre passwords. Read about 7 things to avoid regarding your passwords:
The Worst Passwords of Last Year
It isn’t easy to determine the “worst passwords” being used because passwords are (hopefully) kept secret and hidden. However, a company called SplashData tallied up over 2 million leaked passwords, evaluated them, and compiled them into a ranking. Here’s what they found:
1. The Obvious Password
Seven of the worst offenders in that list are all variations on the same basic password: consecutive numbers. We see 1234, 12345, 123456, 1234567, 12345678, 123456789, and 1234567890. I’m positive we also would’ve seen 1, 12, and 123 in the list if most websites didn’t enforce a four-character minimum.
It’s clear that people are using this password (and its variations) because it’s super easy to type. Just run your fingers from left to right across the numbers! That’s why qwerty and qwertyuiop are on the list as well.
But passwords aren’t meant to be easy! A lot of people forget this for some reason. Using an obvious password — one that took you no time to devise — is just asking for someone to guess it. You might as well be using a lock that can be opened by any key.
2. The Default Password
It’s astounding that password is as widely used as it is. To be fair, a lot of devices come with that as the default password, but they also come with the expectation that the end user will at some point change that password to something more secure.
Unsurprisingly, it seems that a lot of folks are lazy and either refuse or forget to make that change. So, for example, even if your wireless network is properly set up, it would take zero effort to break in if you’re still using the default password.
Here’s the takeaway: whenever you get a new device or account and you’re given a default username and password — such as admin/admin or admin/password — do yourself a favor and change it immediately. Don’t delay.
3. The Short Password
One of the most important aspects of an unbreakable password is absolute length. Every additional character — whether it’s a letter, number, or symbol — expands the possibility space and makes your password exponentially harder to crack.
So in a sense, nothing is worse than a short password, and this is made evident when you look at the list of terrible passwords. (Only three of them have more than eight characters, and even eight characters is too short for real protection these days.) 1234 and solo are especially bad.
Make your passwords longer! Yes, even longer than what you’ve got. Wondering whether your password is long enough? It probably isn’t. Tack on a few more characters at the end. A lot of hackers rely on brute force, and this is a super-effective way to deter them.
4. The “No Numbers or Symbols” Password
All things considered, a longer password of only letters is usually better than a shorter password with letters, numbers, and symbols — but a longer password that incorporates letters, numbers, and symbols is certainly the strongest of the three.
The reason for this is that you want to maximize the number of possible choices for each character in your password. If you only use letters, that’s 26 possible choices per character. If you use letters, numbers, and symbols, that’s at least 46 possible choices per character — and that difference has an exponential impact.
So aywiresufzklthfrs is an okay password, ayw4r2s8f8kl43f2s is even better, and a!w4_2s8#8kl43f2% is the best. As you can see, none of the items in the worst passwords list have any symbols in them. Coincidence? Not at all.
5. The “L33T SP34K” Password
If you’re going to use numbers and symbols in your password, there is one caveat that you need to know about: if your password contains complete words, never make simple letter-to-number or letter-to-symbol substitutions for individual characters.
For example, if your password is cableCABLE, don’t replace the a with @, the l with 1, the A with 4, and the E with 3. You might think the resulting password — c@b1eC4BL3 — is a lot stronger than the original, but there’s a good chance it isn’t. (No, passw0rd is not any better than password.)
Password hackers know that people like doing this, so if one tries to break into your accounts, they’re going to try all of these substitutions anyway. Similarly, if your name is DANIEL and you set your password as D4N13L, it’s still pretty easy to guess.
6. The “Personal Info” Password
While we’re on the subject of using your name in your password, there’s only one thing to say: DON’T! In fact, whenever you’re trying to come up with a new password, never include any personal details. A good password should have no relation to you whatsoever.
For example, it’s clear that a lot of people like football and baseball, both of which appear on the list. If you’re a big fan of either sport, it would be trivial to guess.
Of the many ways that a hacker can break your password, social engineering is one of the most effective. Nowadays, personal details are available all over the Web (especially on social networking profiles), and that kind of access makes it easier to guess weak passwords.
Instead, you may want to use one of these strong password generators that can create passwords based on your personality and interests.
7. The Pattern Password
I’ll be the first to admit that I memorize all of my passwords through muscle memory, so whenever I need to come up with a new password for a new account, it’s always tempting for me to rely on some kind of pattern in the keyboard keys.
There’s nothing wrong with that if you do it properly. After all, muscle memory is a great way to memorize long, unwieldy passwords that are otherwise nonsensical. However, never resort to an overly simplistic pattern, like 1qaz2wsx, qwerty, or qwertyuiop.
This advice is definitely more important in situations that require a four-digit PIN — such as for ATMs or smartphone lock screens — since PINs have a much smaller possibility space than full passwords. Still, try to make sure your pattern passwords aren’t too obvious.
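The checks described in sections 1 through 7 can be combined into a single password audit, shown here as an added example that is not part of the original article. The function names, the word list, the keyboard walks and the 12-character minimum are all assumptions made for illustration; the pool sizes count upper and lower case separately plus the 32 ASCII punctuation characters, so they differ from the article's 26 and 46.

```python
import math
import string

# Constructed sample data for illustration, not a real breach list.
COMMON_WORDS = {"password", "admin", "qwerty", "football", "baseball", "solo", "cable"}
KEY_WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "1qaz2wsx3edc4rfv5tgb6yhn7ujm"]
MIN_LENGTH = 12  # assumed policy; the article only says eight is too short
UNLEET = str.maketrans("@430$5", "aaeoss")


def deleet(pw):
    """Undo simple substitutions; '1' may stand for either i or l."""
    base = pw.lower().translate(UNLEET)
    return {base.replace("1", "i"), base.replace("1", "l")}


def pool_size(pw):
    """Size of the character set the password actually draws from."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))


def entropy_bits(pw):
    """Upper bound: length * log2(pool), valid only for random characters."""
    return len(pw) * math.log2(pool_size(pw)) if pw else 0.0


def audit(pw, personal=()):
    """Return which of the article's mistakes pw commits."""
    findings, low, variants = [], pw.lower(), deleet(pw)
    if any(low in walk or low in walk[::-1] for walk in KEY_WALKS):
        findings.append("keyboard pattern")
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    if pw.isalpha() or pw.isdigit():
        findings.append("single character class")
    if any(w in low for w in COMMON_WORDS):
        findings.append("common or default word")
    elif any(w in v for w in COMMON_WORDS for v in variants):
        findings.append("leet substitution of a common word")
    if any(p.lower() in v for p in personal for v in variants):
        findings.append("personal info")
    return findings
```

The entropy figure only holds for randomly chosen characters, which is why c@b1eC4BL3 still fails the audit despite mixing all four character classes.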
SRC: See the original article here: www.makeuseof.com/tag/7-password-mistakes-will-likely-get-hacked/