Passwords: the Strong, the Weak, and the Repeated

If you’re one of the unfortunate souls who has had an online account hacked, you know that the fallout from such an event can range from the merely uncomfortable to all-out disastrous.  Hackers can gain entry into online accounts in any number of ways, but by far the most common is the password hack.  Password hacks most often are the result of a weak password being used, and a weak password is both the easiest thing to create and the easiest thing to hack.

What Makes a Weak Password?

Human nature being what it is, we tend to create passwords that are simple to remember, and we tend to use them across the board for everything.  This is particularly true in the age of multiple accounts, from email to banking to social networking.  Obviously, this isn’t a good idea.  Pair this tendency with the following list of common passwords and you have the makings of a very large problem.

Top Ten Most Common Passwords:

  1. Password (or passw0rd)
  2. 123456 (or any run of consecutive numbers)
  3. Qwerty (or any run of keyboard letters, i.e., qazwsx)
  4. abc123
  5. monkey
  6. letmein
  7. trustno1
  8. dragon
  9. baseball
  10. 111111

Recognize your password amongst those on this list?  No?  Perhaps your passwords are a bit more personal in nature – your wedding anniversary, your street name, your pet’s name.  It wouldn’t take too much digging around in your personal life to figure out your password if it’s one of those.

By now you may be sheepishly thinking, “Well, maybe I should change things up a bit.”  Depending on how many online accounts you have, and how many use the same or similar passwords, changing things up a bit is a good idea.

Setting Up a Strong Password

Building a strong password is equal parts protocol and creativity.  Opinions differ across the board with regard to length and complexity, but most experts agree that longer passwords with varying elements (a mix of uppercase, lowercase, numbers, and special characters) are more secure.  Shoot for a password that is eight characters or more in length, and mix in a capital letter, a number, and a special character (such as * or an underscore), all while NOT spelling a common word.  A helpful trick is to create an acronym from a sentence:  “this little piggy went to market!” becomes “Tlp_w2m!” fulfilling the length and character criteria for a stronger password.

Online security experts also agree that passwords should be changed frequently.  Some websites require their users to change their passwords every few months, while others will let you “set it and forget it” forever.  Get into the habit of changing your password with some regularity, using the same length and variety criteria as noted above.

Remembering Your Passwords

The trouble with lengthy, complex passwords is that they are difficult to remember, prompting many people to create the weaker passwords mentioned earlier.  Many websites have a built-in safety feature of prompts or secret questions for those who have trouble recalling passwords.  Some people write down their passwords and store them in a secure place – a move that most security experts discourage for a good many reasons.  Still another option is to utilize a password management tool, an application which encrypts and stores the passwords you enter into it.  Whatever method you choose to remember your passwords, make every effort to keep this information secure.

A Final Word on Passwords

You may be tempted to stay the course and continue to use your weaker passwords, just for the sake of simplicity.  While that’s certainly your prerogative, consider what would happen if your personal information fell into the wrong hands.  Hackers seek to gain entrance into online accounts for any number of reasons, most often to steal identity or wreak havoc with finances.  Anyone who has had to go through the process of reclaiming their life after a hacking incident will caution you to shore up your passwords, and quickly.  Spending some time to strengthen your passwords could save you a lot of time and headaches in the future.