In our last article we discussed how passwords work, how hackers go about stealing passwords and how the problem is a lot larger and more costly than anyone likes to admit. Really, it's terrifying how much information gets stolen on a weekly basis.
With that in mind, it is time to teach you the difference between a bad, insecure password and a good, strong one. We really want to make sure you understand this, so we are not going to just give you examples; we will explain the underlying dynamics.
Why Bad Passwords Are Bad Passwords
Bad Password Example 1: Using Family Names and Dates
Example: Erin80Zach78
- Your Thinking: “I use my kids’ names and the years they were born. How would anybody know that?”
- Why This is Bad: Hackers can and will look up information on their targets. They then enter that information in to their hacker software, and “Viola!”
Bad Password 2: Using Personal Information
Example: *F0urthStr33t!
- Your Thinking: “I can remember this because it is the name of my street with some symbols to make it secure.”
- Why This is Bad: Just like they can find out your friends and family members, they can also find out where you live or previously lived, which they will also use to try to crack your password. They are also hip to common letter replacements.
Bad Password 3: Using Patterns
Example: 456xyz
- Your Thinking: “Patterns are random and easy to type and to remember.”
- Why This is Bad: These types of patterns are the first thing hackers try when attempting to hack an account, because they are the most commonly used passwords. This password is also too short.
Bad Password 4: Recycling Passwords
- Your Thinking: “I have a really good password, and this way, I only have to remember it once.”
- Why This is Bad: If someone gets ahold of your password one time, they have it for everything. This is how hackers got into multiple social media accounts for Mark Zuckerberg, the CEO of Facebook. They got the password from his LinkedIn account and used it on his Twitter and Pinterest accounts.
Bad Password 5: Using Common Passwords
Example: password
- Your Thinking: “It’s so easy to remember.”
- Why This is Bad: Remember the story of how the 18 year-old Scottish student was able to access “Best Korea's Social Network?” He did so by using "admin" as the username and "Password" as the password. Oops.
Becoming a Password Master
Comic credit: https://xkcd.com
Let’s start off your training with a quick warm-up that comes in the form of the top 25 most commonly used passwords:
- 123456
- password
- 12345678
- qwerty12345
- 123456789
- football
- 1234
- 1234567
- baseball
- welcome
- 1234567890
- abc123
- 111111
- 1qaz2wsx
- dragon
- master
- monkey
- letmein
- login
- princess
- qwertyuiop
- solo
- passw0rd
- starwars
That warm-up segues perfectly into the first tip:
Password Master Tip 1: Do not use any of the most commonly-used passwords. No further explanation is needed.
Password Master Tip 2: Do not use any information that can be found online. Social media and online directories have made it super easy for hackers to find personal information, like your street name, the city where you were born, and the names (or any other information) of friends or family members who are connected to you on social media.
Password Master Tip 3: Mix it up. Your master password should include all of the following:
- Numbers
- Symbols
- Lowercase letters
- Uppercase letters
Password Master Tip 4: Make it longer. Passwords should contain at least 10 characters, but aim for 12.
Password Master Tip 5: Avoid dictionary words. Hacking software uses dictionary words to crack your passcode, so avoid any words or word combinations that can be found in the dictionary. Think of a nearby street name or the name of great elementary school teacher you loved or loathed: m!Lt0n^p0pp!nS
Password Master Tip 6: Avoid obvious substitutions. T!ger211 is not a good substitution for a word found in the dictionary, though it can be used in conjunction with a non-dictionary password.
Password Master Tip 7: Passwords are not recyclable. It is important that you not use the same password over and over, and to change your passwords every six months or so. Again, if a hacker gets ahold of it, you are in big trouble. Wherever you store your passwords, make sure it is not easily accessible, like a sticky note beside your computer or on a spreadsheet. It is easier to hack a computer than it is to hack a server. And please, never give your password to anyone!
Password Master Tip 8: Make it a password to remember. You don’t want to keep forgetting your password, so consider a sentence that contains lowercase and uppercase words, as well as numbers and symbols: “My first-ever movie was ET in 1982” and turn it into M1emw3T!!982.
Password Master Tip 9: Random is better. It’s good to make it memorable, but definitely mix it up so that it would be nearly impossible for someone to figure it out. The website
diceware.com helps you generate a random password with the roll of a dice.
Password Master Tip #10: Consider a password generator. It also doubles as a password keeper. This service is not usually free but it is a lot cheaper than having your bank account hacked. When searching for a company, make sure to look at reviews so you know it is safe.
Conclusion
With all the hacking going on, it is important to be smart and stay alert. Use strong passwords and change them regularly to ensure your online security. Also, never give your password to anyone! (Have we mentioned that before?)
Shaun Olsen is the CEO and president of CloudWyze. CloudWyze was created to help businesses focus and perform at their optimal level by crafting and executing custom technology plans for businesses of every type and size. To learn more about CloudWyze, visit www.CloudWyze.com. Shaun can be reached at [email protected] or (910) 795-1000.