The 6 Worst Password Ideas

Making a good password is more important than ever and with as many sensitive accounts – email, credit cards, shared documents – as we have online today there’s simply no excuse for using bad passwords. You should always create a password that is easy for you to remember but would be very difficult for a stranger to guess. That may sound like a contradiction, but it’s not as difficult as it seems.

password

Still, some people haven’t caught on to that yet. Here’s a list of the six worst ideas for creating passwords.

  1. Simple, successive: It might be easy for you to remember ‘123456,’ or ‘qwerty,’ but guess what: Anyone who has ever seen a keyboard will be in your email in about 30 seconds. Making your password the same as, or related to, your login is also a serious mistake. Remember, when it comes to creating passwords, simplicity is bad, and complexity is your friend.
  2.  The name of a loved one: You might love your mom to pieces, but using her name as the key to all things dear to you is easy pickings for an attacker. Your favorite niece’s name or your dog’s name isn’t any better, especially when that information might be posted on your Facebook page for all to see.
  3. Getting cute: Yes, the goal of a password is to keep people out. But using that theme as your password – ‘password,’ ‘keepout,’ ‘letmein,’ ‘stayaway’ – will have exactly the opposite result of what you’re looking for.
  4. Cool words: Some words are cool and easy to remember. That also means that they aren’t just always on the tip of your tongue – they’re on the tip of hackers’ tongues too. Stay away from words like ‘dragon,’ ‘mustang’ and ‘ninja.’
  5. Sports!: Everybody loves sports, right? Well, hackers do too. If you’re inclined to pick your favorite sport as your password – don’t. Words like ‘football,’ ‘baseball,’ or ‘soccer’ aren’t worth the digital pixels that created them.
  6. Simple fixes: Taking passwords that are simple and adding the slightest of curveballs won’t work either. Just because you added a numeral or an exclamation mark – ‘passw0rd,’ ‘basebalL’ ‘mother!’ – to your easily decodable entry key doesn’t mean your accounts are secure. They aren’t. It’s important to mix lower case letters, upper case letters, numerals and special characters into your password, but don’t be predictable about it.

What you can do: Develop complex passwords with a mix of lower and upper case letters, numbers and special characters and ensure you use a different password for each site, according to Dmitry Bestuzhev, a Kaspersky Lab researcher. “Remember, you can’t stop your service provider being hacked, but you can avoid a bigger disaster when all of your accounts get compromised at once just because you used the same password,” he said.

If you have trouble remembering or creating strong, complex passwords, try Kaspersky Password Manager, which can handle those duties for you and stores them in a cryptographically secured state.

Send to Kindle

Comments

  1. “Develop complex passwords with a mix of lower and upper case letters, numbers and special characters”. No. Make your passwords looong. They will be impervious to brute force attacks and are much easier to remember than thinking ‘was it an upper L or a lower..?’. Xkcd explains: http://xkcd.com/936/

  2. Chris Freel says:

    Ever more complex and varying passport rules end up reducing security.
    I have over a dozen different passwords. With that number there is no alternative to writing them down, and that is the weak point.
    It takes a conscious effort to not re-use the same password.

    – Forcing UPPER and lower case – a recipe for typing it in wrong, unless you write it down.

    – Forcing use of non-alphanumeric characters, a disaster.
    I use different keyboards at different times, British, German, Swiss. All have different arrangements of keys. Windows, in its (non-)wisdom has decided that keyboard settings are part of your personal settings, not hardware settings. Do they expect to carry their personal keyboards about with them? You therefore cannot guarantee that the default keyboard setting you type in the password is the same as the one you get after you have logged in. So stick to the keys that do not change location.

  3. Richard B says:

    I calculated that on an average business day, accessing different computers, networks, servers, websites, various accounts, online shopping, online information services, password-protected files, ATMs, social media, etc., I have to use around 250 passwords and User IDs! Life is becoming a nightmare of constant User ID/Password entries to do anything other than read a book!

  4. The best passwords are, in my opinion ,a correctly punctuated sentences. However not all sites let you use a password that long.

  5. Both of you are wrong. Think of a phrase like, “I love my mother to pieces!” Now, take the first letter of each word. You could even change words like “to” to the number 2. So, that becomes Ilmm2p!

    Easy to remember, and hard for someone to hack. Duh.

  6. Rob Mitchell says:

    Another method: Think of a two words. Capitalize the first letter of each. Now add a special character separator. Now add a number – like your mom’s zipcode. Now add another special character THus far you have a stem to a master password. Finally add a different suffix for each account, FB for Facebook, YH for Yahoo, GM for Gmail, you get it. Examples:
    Maple.Sound:90210&FB. Maple.Sound:90210&YH (35 sextillion years to crack per HowSecureIsMyPassword.net, search space size of 3.62 x 10^39 which will take too many trillions of centuries to crack using current technology that it may be considered invulnerable for the next few years.
    The suffix is important – don’t use the same password everywhere. The suffix helps you to remember and also one character changed is enough to change the hash completely when the hashed password is stored.
    Finally use a Password manager like KeePass, and store your password database in Dropbox or Google Drive so you can use the same database on all your devices. Be systematic and make backups. You’re human. Humans use tools, right? Use tools to manage the passwords you use to access your tools.