The days of using ‘password’ as your password and thinking that no one would ever try to guess it are long gone, but despite that a lot of people do still use it or some other easily guessable word. These are the top 10 most common password security blunders.

  • 123456
  • 123456789
  • qwerty
  • password
  • 12345
  • qwerty123
  • 1q2w3e
  • 12345678

Pretty easy to guess right?

Within the IT world, passwords are still the most common form of security authentication, although that is beginning to change with the advent of biological authentication methods like fingerprints and retina scans, so it is vital that you have a good one on ALL your different accounts. Good security depends on it.

The first thing to avoid is using personal information as (or in) your passwords. Personal information is pretty easy to track down online or through some social engineering, so avoid using your pets or your kids names, your date of birth or other such information in your passwords. Also, just adding the current year to the end of a password doesn’t help much – the bad guys know lots of people do that so they just add it to their cracking algorithm!

A good password should have at least 10 characters, and should contain a combination of upper and lower case letters, numbers, punctuation marks and special characters like # or @.

The problem with a complex password like this is that the are difficult to remember, and you could argue that forgetting your password to some vital site or service is actually worse than having someone guess it. The solution though, is pretty easy. Instead of using a simple word for your password, use a phrase as a mnemonic.

For example, suppose your home address is 21 Some St, Mytown.

Your mnemonic phrase would be: “I live at 21 Some St, Mytown”

You password could then be derived from the mnemonic like: Il@#21SomeStMT! or whatever combination works for you.

Or for the Beatles fans a mnemonic of: “We all live in a yellow submarine”

Could give you a password of WaliaYS1966! (the song being released in 1966)

Another way to pick a good password is to combine a number with two unrelated words that together create a memorable picture. I usually find a verb and a noun work best:

For example 1SingingBanana or 3FlyingElephants. Of course we need to add a special character or two to these to strengthen them further. So we might have 1SingingB@n@n@! or 3FlyingEleph@nts.

The bad guys really are after your password.

The bad guys really are after your password. Your security depends on you having a good one.

A final way of picking strong passwords is to just use a phrase for 4 or more words, with or without spaces. Examples might be: “I l0ve Rock & R011” or “My s0n Jack eats Broccoli!”

Ideally you should make every password unique and use each one only once. Pretty much everyone uses the same password for many if not all their accounts, or just use two or three different ones over and over again. The problem with this is that if a hacker gets his hands on one of your passwords, it’ll give him access to any of your other accounts that use that same password. Try to think of some way to link in your mind the password with the site or service that it belongs to. So you might imagine the 3FlyingEleph@nts flying over your bank to help you remember your bank password.

My final piece of advice is to consider using a password manager. This is a bit of software that lives on your computer and remember passwords for you, which means that you can have VERY complex passwords and not have to worry about remembering them yourself. They do have their downsides though and don’t work in every situation, but they definitely improve security. I’ll do another post specifically about password managers another day.

I hope you found this useful. Feel free to add a comment.


One response

Leave a Reply

Your email address will not be published.

19 − eleven =