You would think as time goes by, people would take passwords more seriously, and take steps to protect them. Unfortunately, that’s not the case, and we’re still getting some gems in terms of bad passwords. From single words to names and birthdays, password habits are as bad as ever, which is why we’re here to help.
We’re going to take a look at some of the worst passwords of 2020, what makes a password “bad”, and what steps you can take to make your passwords (and your overall cybersecurity) better. Keep reading if you’ve ever used a name, birthday, or the word “love” in your passwords!
Let’s start by taking a look at some of the most common (and terrible) passwords from last year.
1. 123456 (because no one would guess that one, right?)
6. abc 123
Are you noticing a pattern here? It looks like someone took the easiest thing to remember and made it a password, right? That’s exactly what happened, and that’s the problem. When you have millions of people that think passwords such as “123456” are secure, you’re going to run into some issues.
So, why are these passwords a problem, anyway? Let’s look at some of the ways hackers steal and breach passwords for a better understanding of why these are unacceptable.
“A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an encrypted message or document.”
Essentially, the computer enters every word you can find in the dictionary, and the process usually only takes a few minutes (or a few seconds, depending on the computer). The word “password” is a dictionary term, as are “love”, “you”, and plenty of other common words/phrases that people use. The bottom line? If it’s in the dictionary, it shouldn’t be in your password.
Brute Force Attack
Technically, a dictionary attack falls under the brute force category, but there are other methods used by hackers. Credential recycling, for example, recycles credentials from previous data breaches to attempt a break-in. A basic brute force attack simply involves the computer trying every combination of letters, numbers, and symbols possible. This can take seconds, minutes, or years. The bottom line is that your passwords matter, and the more complex and unique they are, the harder they’ll be to crack.
What Makes For A Poor Password?
Let’s talk about some damaging password habits that many of us fall into. For starters, you should never use self-identifying information in your passwords. This includes all of the following:
- Part of your phone number, address, or social security number
- Your name, nickname, spouse’s name, child’s name, etc.
- Your street name, company name, or pet’s name
- Your bank account or credit card number (yes, this actually happens).
- Your birthday, anniversary, spouse’s birthday, etc.
Additionally, you should never use any company information, either. If you need to create a unique password at home or at work, you can use a password manager or a free password generator. The best password manager out there today comes with plenty of features to help you secure, store, and manage all of your passwords.
Good Passwords And Habits
A good password doesn’t contain any of the above information, and you may not be able to memorize it as easily. That’s a small price to pay for security. Good passwords contain no repeating characters, a combination of upper and lowercase letters, numbers, and symbols, and no common words or phrases.
A good password looks something like this:
Notice how the password meets all of our above requirements, and is 13 characters long. Experts recommend longer passwords because longer passwords contain more variables. Make sure you’re using a password manager or some equivalent service to store your passwords as well. Storing passwords on your computer, on written paper, or in an email account is a good way to have your information stolen.
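The rules from the two sections above can be turned into a check that runs when a password is set. The following is an added example, not part of the original article: the word lists are small constructed samples, the 13-character minimum and the strict reading of "no repeating characters" are assumptions, and the function names are hypothetical.

```python
import math
import string

# Constructed sample lists; a real check would load a full dictionary and a
# breached-password list instead of these few entries taken from the article.
COMMON_PASSWORDS = {"123456", "abc123"}
DICTIONARY_WORDS = {"password", "love", "you"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
MIN_LENGTH = 13  # assumption: the length the article quotes for its example


def check_password(password, personal_info=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if lowered.replace(" ", "") in COMMON_PASSWORDS:
        problems.append("common password")
    if any(word in lowered for word in DICTIONARY_WORDS):
        problems.append("dictionary word")
    # Names, birthdays, phone fragments, company names, etc. supplied by caller.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("personal information")
    # Assumption: "no repeating characters" read strictly, no character twice.
    if len(set(password)) != len(password):
        problems.append("repeating characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing character class")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    return problems


def brute_force_bits(password):
    """log2 of the combinations an exhaustive search over the used classes tries.

    Only an upper bound: it holds for randomly generated passwords, not for
    ones a dictionary attack would find first.
    """
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


if __name__ == "__main__":
    for candidate in ("123456", "ILoveYou2020!", "T7#qLm2!vXz9&"):  # constructed
        print(candidate, check_password(candidate), round(brute_force_bits(candidate), 1))
```

The second sample scores the same brute-force figure as the third yet fails the dictionary rule, which is why the checks run before any length or complexity estimate is trusted.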
If you’re running a business, you’re responsible for providing your employees with the right tools to ensure their password habits are solid. You could be held liable for a potential breach, so make the investment now! The average cost of a data breach for small businesses is in the hundreds of thousands of dollars—a sum that would sink most small businesses entirely.
The Bottom Line
Password security is certainly no joke, and we need to move away from repeating the same mistakes. The most common passwords are the worst of choices, so avoid them entirely. Don’t include self-identifying or company information in your passwords, or any common words/phrases. The key to good passwords is to keep them as unique as possible.