By Praveen Kannan and Anna Strokolyst
Do you think you have a handle on what makes a good online password? Chances are your ideas are a lot better than some of the worst passwords of 2015. SplashData, a software company marketing a password management product called SplashID, recently released its list of the worst passwords of the year. (Don’t worry, they aren’t sharing any secrets — these passwords were all publicly leaked.) Some of them are real doozies.
Passwords to Steer Clear Of
Ready for a quick glimpse of what you absolutely shouldn’t do when it comes to creating passwords? Check out some of last year’s worst password offenders — hopefully, none of yours are on this list:
- 12345 (and variations 123456 and 12345678)
- password (and its variant, passw0rd)
You get the idea. While these passwords seem to be quite different, they actually have a lot in common: They’re short, use common names and words, embrace popular trends (starwars, solo, princess), and are surprisingly easy to hack.
While these passwords are good for a laugh, they actually expose a startling lack of awareness on the part of their owners, making them easy marks for cyber attacks and identity theft. As many have learned the hard way, the first step toward protecting your personal and financial data from would-be intruders is to use strong, hard-to-crack passwords.
The Old-School Advice Is Still Good
If you aren’t ready to invest in a password management system — and most people really should — you can still take simple steps to create passwords that aren’t easily cracked. According to the old-school advice, these are the basics for stronger passwords:
- Longer is better: when it comes to passwords, 12 characters is the minimum, and 15 is even better.
- Mix it up; it’s best to have a combination of capital letters, lowercase letters, numerals, and symbols. The easier it is for you to type, the easier it is for a hacker to crack.
- Avoid obvious substitutions, such as a zero for the letter “o,” or a dollar sign for the letter “s.” Using “prince$$” for a password isn’t much safer than the original “princess” in the list above.
- Don’t get personal — avoid using your name or the names of family members, birth dates, phone numbers, addresses, or any other words connected to easily obtained personal data.
- Stay away from trendy words and phrases; the release of the new Star Wars movie was behind a lot of terrible password decisions last year. If it’s in the news, it shouldn’t be in your password.
- Use different passwords for any accounts that store financial information — don’t create a virtual skeleton key that unlocks all your online credit cards. If it’s too hard to remember a lot of different passwords, see the recommendation above and get a password manager.
If you follow these pointers, you’ll have a much stronger password that will do a better job of protecting you online. But that’s just the beginning.
Think Passphrase Instead of Password
Many cyber security experts recommend creating a passphrase of four to six random, unconnected words. Some time ago, the web comic XKCD produced a funny and compelling illustration explaining the math behind random passphrases and why they are so difficult to crack. Suffice it to say, a passphrase of four random words would take over 500 years for a computer to guess, compared to less than three days for even the most clever passwords crafted by humans.
Diceware is a website that helps users create random word passphrases based on the roll of a die. You roll a regular six-sided die to generate a list of numbers, look those numbers up in a word list, and string the resulting words together to make a passphrase. There are even some pointers for helping you remember your phrase.
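The dice-to-word lookup and the passphrase math described above, as an added example (not code from Diceware or from this post). The 36-word list and two rolls per word are constructed for the demonstration, and the 2048-word list and 1,000 guesses per second are the figures assumed in the XKCD comic.

```python
import math
import secrets
from itertools import product

ROLLS_PER_WORD = 2  # demo value; published Diceware lists use 5 rolls (6**5 = 7776 words)

# Constructed 36-entry word list keyed by dice rolls "11".."66" (sample data only).
_WORDS = ("aster under golden unfit slice tornado maple river candle orbit "
          "pencil walrus copper lantern thistle velvet harbor nickel quartz "
          "bramble saddle tundra meadow anchor gravel mitten falcon ribbon "
          "cactus domino ember fiddle igloo jigsaw kettle lagoon").split()
WORDLIST = {"".join(map(str, faces)): word
            for faces, word in zip(product(range(1, 7), repeat=ROLLS_PER_WORD), _WORDS)}

def roll_die():
    """One fair six-sided roll from the OS CSPRNG (the random module is not suitable)."""
    return secrets.randbelow(6) + 1

def rolls_to_word(rolls, wordlist=WORDLIST):
    """Map a sequence of die faces to a word, e.g. (3, 5) -> key '35'."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be between 1 and 6")
    return wordlist["".join(str(r) for r in rolls)]

def make_passphrase(n_words=6, rolls_per_word=ROLLS_PER_WORD, wordlist=WORDLIST):
    """Roll the dice n_words times and join the looked-up words."""
    return " ".join(
        rolls_to_word([roll_die() for _ in range(rolls_per_word)], wordlist)
        for _ in range(n_words))

def entropy_bits(list_size, n_words):
    """Each uniformly chosen word adds log2(list_size) bits."""
    return n_words * math.log2(list_size)

def years_to_exhaust(bits, guesses_per_sec):
    """Time to try every possibility at a fixed guess rate."""
    return 2 ** bits / guesses_per_sec / (365.25 * 24 * 3600)

if __name__ == "__main__":
    print("demo passphrase:", make_passphrase())
    bits = entropy_bits(2048, 4)  # XKCD's four words from a 2048-word list
    print(f"{bits:.0f} bits -> {years_to_exhaust(bits, 1000):.0f} years at 1000 guesses/s")
    print(f"six words from a 7776-word list: {entropy_bits(7776, 6):.1f} bits")
```

The strength comes from the list size and the number of words, not from the words being secret, so the two-roll demo list here is far too small for real use.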
Another option is to pick a six-letter word you can easily remember, and then use the dictionary to select a random word that starts with each letter. If your word is August, for example, your passphrase might be:
A – aster
U – under
G – golden
U – unfit
S – slice
T – tornado
The point is to choose a word that acts as a mnemonic device to help you remember your passphrase.
It’s tempting to shrug off bad passwords and tell yourself hacking can’t happen to you, but the fact is that cybercrime is far more common than you think. These tips will help you create stronger, safer passwords and passphrases, but for maximum protection, consider one of the many excellent — and often free — password managers.