The Most Unsafe Password Choices
Let’s be brutally, painfully honest: Americans don’t do a very good job when it comes to creating secure passwords. Don’t try to deny it — the facts prevent any argument on this matter: Our nation’s two most common passwords are “123456” and “password.”
Sophisticated password-cracking software programs run possible password combinations through multiple dictionaries, different languages, and even Wikipedia in the time it takes you to finish a cup of coffee. Before it hits the dictionary, however, any half-decent password cracker or invasive malware program runs through a list of commonly used passwords. And guess what? That list remains embarrassingly consistent.
Every year computer watchdogs publish “Worst Passwords of the Year” lists, and every year the same sad, overused passwords crop up. Popular choices include:
If you use any of these passwords, don’t waste time defending your actions. Don’t hang your head in shame. Get to your account right now and change the password to something — anything — that isn’t on this list. We’ll still be here when you get back.
Popular wisdom recommends strengthening a password by adding numbers to it. While it's true a mix of letters and numbers provides greater security than letters alone, how we add numbers often defeats the purpose.
Look at the subheading for this section. Did you have any trouble reading it? Probably not, and neither would password-cracking software. People substitute numbers for letters in a predictable fashion: “I” and “l” become “1,” “S” becomes “5,” “E” turns into “3,” and of course, “o” becomes “0.” Children's activity books contain more complicated puzzle codes.
The practice of substituting numbers for letters in a password is so common that many password-cracking tools hunt for numerical alterations before they even start a dictionary check.
People sometimes add their birth year to the end of a password. On the surface, this seems reasonable: You’ve added numbers to your password, and you’re unlikely to forget your date of birth.
Trouble is, you haven’t added any real security. Once cracking software realizes that the first two digits are “19,” it becomes obvious the last four spaces of your password are a year. Including any personal information in a password only increases your vulnerability to identity theft.
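As an added example (not part of the article), here is a small Python policy check built on the article's own points: it undoes the predictable digit-for-letter substitutions, strips a trailing birth year, and compares what is left against a short constructed list of common passwords. The substitution table and the common-password set are assumptions for illustration; a real checker would load a published list.

```python
import itertools
import re
from typing import List, Set

# Constructed sample of commonly used passwords (not the article's list).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "12345", "letmein", "liberty"}

# Each digit or symbol maps to the letter(s) it commonly stands in for,
# following the article: 1 -> i/l, 5 -> s, 3 -> e, 0 -> o (plus a few extras).
LEET_REVERSE = {"1": "li", "5": "s", "3": "e", "0": "o", "4": "a",
                "@": "a", "$": "s", "!": "i", "7": "t"}

# A four-digit year at the very end of the password (19xx or 20xx).
BIRTH_YEAR = re.compile(r"(19\d\d|20\d\d)$")


def deleet_candidates(password: str) -> Set[str]:
    """Return every lowercase reading of the password with substitutions undone."""
    choices = [LEET_REVERSE.get(ch, ch) for ch in password.lower()]
    # Only "1" is ambiguous (i or l); cap the expansion to keep it cheap.
    if sum(len(c) > 1 for c in choices) > 12:
        return {password.lower()}
    return {"".join(combo) for combo in itertools.product(*choices)}


def password_issues(password: str) -> List[str]:
    """List the weaknesses the article describes; an empty list means none found."""
    issues: List[str] = []
    stem = password
    match = BIRTH_YEAR.search(password)
    if match:
        issues.append("ends-with-year")
        stem = password[: match.start()]  # re-check the part before the year
    if password.lower() in COMMON_PASSWORDS:
        issues.append("common-password")
    elif deleet_candidates(stem) & COMMON_PASSWORDS:
        issues.append("leet-or-year-variant-of-common")
    if len(password) < 12:
        issues.append("shorter-than-12")
    return issues


if __name__ == "__main__":
    for candidate in ("password", "P455w0rd", "l3tm31n1985", "mCt0t^s1O1^0tis"):
        print(candidate, "->", password_issues(candidate) or "no issues found")
```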
Adding numbers to a password does increase security, as long as the numbers appear random. Adding symbols, uppercase letters, spaces, and punctuation also strengthens passwords.
Your password should make sense to you, but appear random to others. One option is to start with a favorite song or movie quote. For instance, take this line from America: “My country tis of thee, sweet land of liberty. Of thee I sing.”
Take the first letter from each word in the line and you have “mctotslolotis.” By itself, that’s a strong password: it’s over 12 characters long, easy to remember if you know the song, and apparently random. To make it stronger, substitute some numbers, symbols, and uppercase letters. You might wind up with something like: “mCt0t^s1O1^0tis.”
Over time, a password cracker could still decipher this apparent gibberish, but like many criminals, hackers and software viruses prefer soft targets. With so many 12345 and qwerty passwords out there, why spend time hacking a complex password?
Ideally, you need a separate password for every online account. In practice, few of us possess the memory to remember more than a couple of complex passwords. Encrypted password management software remembers your passwords for you. Just make sure that you choose a reputable, well-written program.