Gizmodo’s headline encapsulates the idea very well: “We’re all such idiots.” That’s right, America. We’re all idiots. The top passwords of the year have gone unchanged yet again – which would be semi-acceptable if some of these passwords were unhackable or, at the very least, longer than 10 characters.
But, alas, that’s asking too much…
Password. 12345. 123456. Qwerty. 12345678. These “passwords” make up half of the Top Ten Passwords of 2015. Feel free to groan, smack yourself on the head, or jump off a cliff. We won’t judge. But whether or not we’ll judge you should be the least of your concerns.
Your number one priority, however, should be updating all those really bad, really old passwords. And if at all possible, wiping everything completely clean and starting fresh everywhere. If you choose not to clear the slate, you’ll find that it can become more of a challenge to remember your new passwords, as well as any previous ones. This is mostly because you won’t have any legitimate pattern or strategy to your online credentials… just a random assortment of letters, numbers, and capitalizations. And if this is the case, it won’t take very long for you to fall back into the habit of creating passwords like ‘password.’
So pay attention, people, because we’re about to take the deepest of dives into Passwords 101. Let’s make a vow to impact the cyber world in a positive way – by creating stronger, better passwords… or, at the very least, a password that doesn’t consist of nothing but a quick finger slide down the keyboard.
No matter what you decide to choose as your password, stay away from standalone dictionary words. In other words, don’t make your password ‘hello’ or ‘crackers.’ A password like this will literally be cracked within seconds. There is software available to hackers with the sole purpose of cracking dictionary passwords. It takes minutes for advanced forms of this software to filter through millions and millions of words with the intent of cracking your password.
This is really quite simple, but for some odd reason, people still struggle to grasp this concept. If you post a lot of memes on your Facebook page about your favorite football team, don’t make that team your password. If you have a spouse, don’t make his or her name your password. If you have a pretty sweet hotrod, don’t make that car your password. Just. Don’t. Do. It.
This is where a grey area starts to exist. While it isn’t a great idea, as we literally just suggested, to use personal things as your password, that doesn’t mean you can’t use these items, names, or favorites within your password. This means you can use a dictionary word as long as it’s not the only word that makes up your password… which brings us to our next tip.
Phrases are one of the simplest ways to create passwords that are very hard to crack but easy to remember. Say, for instance, your favorite food is pizza. If you made all of your passwords ‘pizza123’, then in the event of a data breach, your account would be one of the first to go. However, if you spruced things up a bit and made your password ‘iliketoeatpizzasomuch123’, it would be a bit more difficult to crack.
Numbers, capitalizations, and characters are a great addition to any password. But, they can quickly make the memorization difficulty meter quadruple. Because of this conundrum, we recommend strategic randomness. Instead of throwing a number or character just anywhere in your passwords, keep them in the same place every time. Here’s an example of strategic randomness.
You can base a number in your password off of anything really – for example, your Amazon account can use the number 6 because there are six letters in the word Amazon. You can carry this throughout each of your accounts – the number 4 for Etsy, the number 7 for Outlook, and so on and so forth. If your number is 6, then you can place the number 6 six letters into your password.
You don’t have to do this exactly, but you get the idea. Pick a strategy and stick with it.
This one should go without saying, but we know how the human password brain works. Never use a password more than once. At this point, you’re just asking to be hacked. And not just once. But across the board.
And of course, we can’t have a blog about creating passwords without making it known that you are never, ever to use a password on any top password list out there. Never. Ever. Don’t do it.
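For anyone who runs a signup form, the rules above (no top-list passwords, no standalone dictionary words, no personal terms on their own) can be enforced at the moment a password is chosen. The following is an added example, not part of the original post; the function name `screen_password`, the tiny word list, and the `personal_terms` parameter are assumptions made for illustration, and it goes slightly beyond the text by also treating a word with digits tacked on the ends (like ‘pizza123’) as a standalone word.

```python
import re

# Constructed sample data: the five passwords this article names from the
# 2015 top ten, plus a tiny stand-in word list. A real deployment would
# load a full dictionary and a full common-password list instead.
TOP_PASSWORDS = {"password", "12345", "123456", "qwerty", "12345678"}
DICTIONARY = {"hello", "crackers", "pizza"}


def screen_password(candidate, personal_terms=()):
    """Return the reasons to reject `candidate`; an empty list means it passed.

    `personal_terms` is a hypothetical parameter: names, teams, cars and
    similar details the site already knows about the user.
    """
    reasons = []
    lowered = candidate.lower()
    # Strip leading and trailing digits/symbols so 'pizza123' reduces to 'pizza'.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)

    if lowered in TOP_PASSWORDS:
        reasons.append("on top-password list")
    if core in DICTIONARY:
        reasons.append("standalone dictionary word")
    if core and core in {term.lower() for term in personal_terms}:
        reasons.append("personal term on its own")
    return reasons


if __name__ == "__main__":
    # Constructed candidates taken from the article's own examples.
    for pw in ["Qwerty", "pizza123", "iliketoeatpizzasomuch123"]:
        print(pw, "->", screen_password(pw) or "accepted")
```

The check only screens out the worst choices; password reuse across sites cannot be detected by any single site and still has to be avoided by the user.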