It’s time to change your passwords. The recent data breach of Target’s customer information may have exposed sensitive information of as many as 110 million people. This is just the latest high profile company to be attacked by sophisticated hackers.
With so much data exposed, it has again become clear that no one should ever use “1223456” or “password” as a password. SplashData published its annual list of the worst online passwords and it is surprisingly similar to the year before. Unfortunately, rather than creating more original passwords, it appears that many people are just using longer chronological strings of numbers. If a “123456” password gets hacked, the solution is NOT to add a “7.”
The 10 worst passwords online are as follows:
Even high-level government offices have been caught using poor password selection. A recent Senate cyber security report detailed failures by federal officials to perform basic information security work such as installing security patches, updating anti-virus software, communicating on secure networks and requiring strong passwords.
It is critical for all of us to create more sophisticated passwords.
It seems like everyday there is a news headline about a major Internet security breach with passwords hacked, phished or stolen. It cannot be stressed enough that we all need to exercise better password safety precautions.
Mat Honan, a senior writer for Wired Magazine’s Gadget Lab, had the unfortunate experience of having his entire digital life destroyed in just one hour. His terrifying experience proves that a strong password is not enough anymore, but you must at the very least start with one.
Use Different Passwords Everywhere
It can be difficult to develop a perfect password that has all the right elements and yet you can still remember it, but do not be tempted to use it more than once. A study by BitDefender showed that 75 percent of people use the same password for their email and Facebook accounts. Now imagine what percentage of those might also use it for their online Banking or Amazon shopping password you can see why the risk is not worth taking.
Avoid Common Passwords
It should go without saying that you should never, ever, ever use “123456” or “password” as your password. Not only that, you should avoid at all costs using the name of your relatives, your kids, your pet, favorite team, or pretty much any word found in the dictionary.
Adding a number at the end of your password does not make it safer either. Hacker programs check for those variations too. SplashData’s “Worst Passwords of 2012” showed that bad password habits are simply not changing fast enough.
Complexity vs. Length
A strong password is one that cannot be easily guessed or broken. It should contain numbers, punctuation, and upper/lower-case letters. A complex password can be made even stronger with sufficient length. A 15-character password can potentially be 90 times harder to crack than a 14-character one.
Unfortunately users typically create password complexity in the same format. For example, when people are required to create an 8-character password with complexity, most will choose a standard dictionary word beginning with an uppercase letter followed by a lowercase letter. If they use a number, it will usually be a “1” or a “2” and placed at the end. If they use a symbol, it will typically be placed somewhere in the middle, often replacing a letter with a similar shape such as an @ or to replace an “o,” an exclamation mark for an “i.”
Two-Factor or Two-Step Authentication is a new added measure of security is being provided by many major sites such as Google and Facebook. Lifehacker has a handy post of all the places you can go to enable it for your online accounts.
For example, you can set Google to send a temporary PIN to your cell phone whenever you log in from an unfamiliar machine (this PIN must be provided along with your password the first time you attempt to log in via that new machine). This means a hacker would not only need to have your password, but your phone as well in order to gain entrance to your account.
We are all guilty of occasional laziness when it comes to password selection, but the absolute worst thing anyone can do is use “password” as his or her password. SplashData (a major password management application provider) recently published its annual list of worst Internet passwords and guess what was number 1?
“Password” ranks first on the list, followed by “123456.” Sequences of adjacent numbers or letters on the keyboard, such as “qwerty,” and popular names, such as “ashley” and “michael,” all are common choices.
Using any of these passwords puts you immediately at risk with hackers or identity thieves. To illustrate the point, Mel Brooks famously spoofed a terrible password choice in the movie Spaceballs.
SplashData created the rankings based on millions of stolen passwords posted online by hackers. The complete list:
If you are using any password on this list you should change it immediately. It is also advisable to use different passwords for every online account, especially between work and personal accounts. Hackers have exploited reused passwords in many high profile security breaches including Sony and HBGary Federal.
Recommendations from SplashData for choosing secure passwords include using numbers, letters and special characters whenever possible and creating long passwords of eight characters or more (separating short words with spaces or underscores).
Read more here: http://splashdata.com/splashid/worst-passwords/