We are dedicating this first post to one of the most basic, yet most commonly overlooked, aspects of Internet security and privacy protection – passwords.
What makes for a good password? What makes it strong or weak? First, let’s take a look at a few good (bad) examples of passwords. Each year a company called SplashData puts out a list of the worst passwords, compiled from lists of leaked passwords. Here are the top 10 worst from 2015:
If any of your online accounts use any of the above passwords, you should change them immediately. Passwords like these are well known to hackers and would be very easy to guess in just a few attempts.
What makes a weak password?
There are many factors, but here are a few of the more important things you should not do when creating your password:
– Only using numbers
– Using personal information that can be found online (think birth date)
– Using names of popular sports teams
– Using names of people
– Using names of superheroes
– Using names of animals
– Using only a few characters
– Using common number combinations
– Using famous names
– Using notable dates
A Good Password
A good password is not really a password at all. Instead, get yourself in the mindset of creating a passphrase for your online accounts. A good passphrase will be hard to guess and easy to remember.
For example: The password “dog sniffle basket buffalo15” is fairly easy to remember, but would be nearly impossible to guess. Even if a hacker was using a software program to detect your password, it would take today’s best computers years to figure this one out.
At this point, it’s worth pointing out that no matter what password you choose, a government agency or someone with enough dedication and resources can find out your password if they really want to.
But that doesn’t mean you should make it any easier for them. Here is a quick list of best practices and tools you can use to create a good password and follow good security practices going forward:
1) Create a password that is easy to remember (for you) but hard to guess. For most people, choosing four random words and a number will establish a reasonable amount of security while still making remembering the password manageable.
2) Do not use words that are easily relatable to you or your family. For example, if you love baseball, don’t choose that as one of your words. If you are having trouble coming up with a passphrase, you can use this online password generator to have one randomly created for you.
3) Do not reuse your password across multiple accounts. It’s best to create a unique password for every account, even if they are only slightly different. If you find this daunting, you can use a service like Dashlane that provides software to help you securely keep track of all of your passwords.
4) Verify that your password is secure: After you have created your new password, go test your password at this website. It will tell you how secure it is and also provide an estimate of how long it would take a computer to crack your password. For example, the password “dog sniffle basket buffalo15” would take about 1 octillion years for a computer to crack – not bad.
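As an added illustration of step 1 (this is not code from the original post), the Python sketch below picks four words and a two-digit number with the operating system's secure random generator and estimates the strength locally, so the passphrase never has to be typed into a website. The short word list is constructed for the demo, and the 7,776-word list size and the guess rate are assumptions.

```python
import math
import secrets

# Constructed 16-word sample list so the demo runs offline. In practice a
# list of several thousand words is assumed (7,776 is used below).
SAMPLE_WORDS = ("dog sniffle basket buffalo lantern pebble orbit walnut "
                "timber velvet cactus harbor mitten quartz saddle thimble").split()
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def make_passphrase(words, n_words=4, digits=2):
    """Choose words and a number with the OS secure random generator."""
    chosen = [secrets.choice(words) for _ in range(n_words)]
    number = str(secrets.randbelow(10 ** digits)).zfill(digits)
    return " ".join(chosen) + number  # same shape as "dog sniffle basket buffalo15"

def keyspace(list_size, n_words=4, digits=2):
    """Number of candidates if the guesser knows the list and the pattern."""
    return list_size ** n_words * 10 ** digits

def entropy_bits(list_size, n_words=4, digits=2):
    """Strength in bits for a passphrase drawn uniformly from that keyspace."""
    return math.log2(keyspace(list_size, n_words, digits))

def years_to_search(space, guesses_per_second):
    """Average search time: half the candidates at the given guess rate."""
    return space / 2 / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    print("example passphrase:", make_passphrase(SAMPLE_WORDS))
    for size in (len(SAMPLE_WORDS), 7776):
        space = keyspace(size)
        # 1e9 guesses per second is an assumed rate, not a measured one.
        print(f"{size:>5} words: {entropy_bits(size):.1f} bits, "
              f"{years_to_search(space, 1e9):.3g} years on average")
```

With the 16-word demo list the search finishes in well under a second at that rate, which is why the size of the word list and truly random selection matter more than the particular words.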
These are the basics. If you follow these simple rules for creating your passwords, you will be better off than most people out there on the Internet today. In our next article on password security we will dive into how you can easily create and manage a more complex passphrase.
Also, stay tuned for our article on Social Engineering and the methods hackers use to ASK YOU for your password. You will be shocked how often people will just offer up their password to a complete stranger.