Is Your Password on the Naughty List?
It’s that time of year when we look back on our mistakes and vow not to continue making them in the new year. Using weak passwords, and using passwords incorrectly, is a perennial shortcoming that afflicts millions. Here is one software company’s list of the worst passwords seen in 2017, and my tips for improving password security…
Worst Passwords of 2017 (is yours on the list?)
The list of the worst passwords was compiled by SplashData, a producer of password management software. By “worst,” the company means the passwords most commonly found in a database of 5 million hacked accounts. Are you using any of them?
If so, hackers will break down YOUR doors first. They collect hundreds of millions of passwords, trade them, analyze them, and develop malware that can attack millions of accounts per second, starting with the passwords that are most likely to succeed. If the first try doesn’t work, software tries again. If the attacker is locked out after X failed attempts, he’ll get back to you when the lockout period expires. Patience and prodigious processing power win eventually.
The list below is SplashData’s top 25 worst (that is, most hacked) passwords. Some losers moved up the list from 2016, others dropped down. Some appear and disappear with shifts in pop culture or sports teams’ fortunes.

| Rank | Password | Change from 2016 |
|---|---|---|
| 1 | 123456 | unchanged |
| 2 | password | unchanged |
| 3 | 12345678 | up 1 |
| 4 | qwerty | up 2 |
| 5 | 12345 | down 2 |
| 6 | 123456789 | new |
| 7 | letmein | new |
| 8 | 1234567 | unchanged |
| 9 | football | down 4 |
| 10 | iloveyou | new |
| 11 | admin | up 4 |
| 12 | welcome | unchanged |
| 13 | monkey | new |
| 14 | login | down 3 |
| 15 | abc123 | down 1 |
| 16 | starwars | new |
| 17 | 123123 | new |
| 18 | dragon | up 1 |
| 19 | passw0rd | down 1 |
| 20 | master | up 1 |
| 21 | hello | new |
| 22 | freedom | new |
| 23 | whatever | new |
| 24 | qazwsx | new |
| 25 | trustno1 | new |
[Image caption: "Hey Captain Phasma, I got your password right here!"]
This is not the first appearance of “starwars” among the top 25. It appeared in the 2015 list at number 25. With the 2017 release of “Star Wars: The Last Jedi,” the password “starwars” has soared to number 16 on the list. It was inevitable, given human nature. Hackers can predict human behavior with a very high degree of accuracy.
“123456789” and shorter versions comprise 50% of the top 10 on this list. The popularity of this crude password formula implies that many online systems still do not impose any rules at all for acceptable passwords! Of course, we must keep in mind that the list comes from a database of accounts that were hacked, so the crudest passwords would naturally be the most common ones in that database.
SplashData’s top 100 bad passwords are available in PDF format. Some are vulgar. Many are common names like “Michelle,” “Jordan,” “William,” etc. Sports-themed passwords are common and easily guessed; “hockey” is no better than “football.” I wonder what happened in “1992” that makes that year number 90 on the list.
In my article, Here’s Why Your Password is Hackable, I discuss what’s wrong with most password rules set by system administrators. Basically, the rules further restrict the universe of potential passwords that hackers must try, making their wicked work easier. I also mentioned “researchers at Carnegie-Mellon University”:
The CMU geeks have created a strength meter that uses a powerful neural network to calculate the true strength of a hypothetical password on the spot, and even explains what’s wrong with your password creation strategy. The rules they recommend are:
• At least 12 characters per password
• Capital letters and special characters in the middle of the password, not at the ends
• No names associated with pets or sports teams
• No song lyrics
• Avoid the word “love” in any language
• Avoid patterns such as “123,” including keyboard patterns (“qwertyasdfg”)
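To show how the rules above translate into a checkable policy, here is an added example (my own code, not from SplashData or the CMU researchers) that screens a candidate password against the top-25 list quoted in this article and the six CMU recommendations. The keyboard-row table and the small "love", pet and sports word lists are constructed stand-ins; a real deployment would load far fuller word lists.

```python
# SplashData's 2017 worst-25 list, as quoted in the article above.
WORST_2017 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx", "trustno1",
}
# Keyboard rows/columns used to detect patterns such as "qwertyasdfg" (assumed set).
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", "qazwsxedc"]
# Small constructed stand-ins; a real deployment would load full word lists.
LOVE_WORDS = {"love", "amor", "amour", "liebe", "amore"}
PET_SPORTS_WORDS = {"football", "hockey", "yankees", "fido", "kitty"}


def keyboard_patterns() -> set[str]:
    """Every 4-character run along a keyboard row, forwards and backwards."""
    runs = set()
    for row in KEYBOARD_ROWS:
        for r in (row, row[::-1]):
            runs.update(r[i:i + 4] for i in range(len(r) - 3))
    return runs


def is_mixed(c: str) -> bool:
    """True for a capital letter or a non-alphanumeric (special) character."""
    return c.isupper() or not c.isalnum()


def check_password(pw: str) -> list[str]:
    """Return a list of rule violations; an empty list means the password passes."""
    low = pw.lower()
    problems = []
    if low in WORST_2017:
        problems.append("on SplashData's 2017 worst-25 list")
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not any(is_mixed(c) for c in pw):
        problems.append("no capital or special characters")
    elif not any(is_mixed(c) for c in pw[1:-1]):   # only the first/last char is mixed
        problems.append("capital/special characters only at the ends")
    if any(w in low for w in PET_SPORTS_WORDS):
        problems.append("contains a pet or sports-team name")
    if any(w in low for w in LOVE_WORDS):
        problems.append("contains 'love'")
    if "123" in low or any(run in low for run in keyboard_patterns()):
        problems.append("contains a number or keyboard pattern")
    return problems


if __name__ == "__main__":
    for candidate in ("AStitchInTimeSaves9", "Iforgotmypassword!", "qazwsx"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that "Iforgotmypassword!" is long enough but still fails, because its only capital and special character sit at the ends, exactly the habit the CMU rules warn against.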
The Benjamin Franklin Method
In the past year, data breaches have exposed millions of usernames, passwords and other personal data that can be used to hack into online accounts. So now is a REALLY good time to change your passwords, and to make sure they are secure enough.
You should also be aware that using the same login and password for all your online accounts is a bad idea. If just one of them is compromised, you've handed over the keys to your kingdom. Imagine the damage that someone could do if they had the login credentials for your email, your Facebook account, and your online banking. Now think how much worse it could get if they also had the keys to your online backup, where all your personal files are stashed away.
If you'd rather use your little grey cells instead of password management software, here's a tip. The best do-it-yourself password may be a sentence that is easily recalled; a favorite proverb, for instance, such as, “AStitchInTimeSaves9”. In an earlier article on password security, I suggested taking a sentence from an old book, such as "The Autobiography of Benjamin Franklin."
But please, don’t use “Iforgotmypassword!” Hackers are onto that one. Have you been hacked because of a weak password? What's your password strategy? Your thoughts on this topic are welcome. Post your comment or question below...
This article was posted by Bob Rankin on 26 Dec 2017
Copyright © 2005 - Bob Rankin - All Rights Reserved