Password safety - you've heard it all before and you're probably tired of hearing about it, but it's something that we cannot emphasize enough: creating a weak password is like leaving all of your doors unlocked. Just because you have never been robbed before doesn't mean that it's safe to leave your doors unlocked, does it? It only takes that one time for you to lose everything, and the same is true for your email accounts, bank accounts, and whatever other valuable accounts that you possess.
Nobody wants to try to remember 20 unique passwords for 20 different accounts, and that is why many of us decide to reuse the same password across multiple sites. However, although this is very convenient, it can backfire spectacularly. If a cyber criminal gets access to one of your accounts, they automatically have access to all of your accounts. Therefore, with cybercrime getting more and more common, having a different password for each account is absolutely essential.
Maybe one day, with our ever-increasing technology, we'll move beyond passwords and usernames, but for the time being, it's absolutely critical to strengthen your weak passwords. It takes little effort on your part, and trust us, you don't want to be the one who loses everything only to realize that all of your problems could've been prevented with just a few simple tweaks.
The Worst Passwords of 2015
It's not easy to determine the "worst" passwords being used, as passwords are kept hidden and secret. However, in 2016 a company called SplashData went to the bother of tallying up over 2 million leaked passwords from 2015, evaluating them, and compiling them into a ranking of the "Worst Passwords of 2015". Below are the worst 15:
As you can see, these really are bad. If you have one of the aforementioned passwords, you might as well not have a password at all. A hacker would have a field day with your accounts if you have passwords this simple. Also, if you think that your password is safe because it doesn't appear on that list, you'd best think again. These passwords are extremely bad because they all have the same characteristics of easily-hacked passwords, and it's possible that your own password does too.
So let us take a look at what makes these passwords terrible and what you can do to ensure that all your accounts are safe.
1. The Obvious Password
Seven of the worst offenders in the list above are all slight variations of the same basic password: consecutive numbers. People use this type of password because it is easy to remember and super easy to type - which is why qwerty is also on the list. But your password isn't meant to be easy! Using an obvious consecutive-number password - one that took you seconds to come up with - is just asking for trouble. In fact, many cyber criminals have access to automated hacking programs that try these common number passwords in order to hack into your accounts.
2. The Default Password
It's astounding that "password" is used as often as it is. This is the default password for most devices, but it's expected that the user will change it to something secure. However, it seems that a lot of people are lazy and either refuse or forget to change it. Therefore, if you have kept the default password as it is, it would take no effort for a hacker to break into your account and help themselves to whatever they want.
Here's some advice: if you get a new device or account and you are given a default username and password - such as admin/password or admin/admin - do yourself a huge favor and change it immediately.
3. The Short Password
Length is important when it comes to passwords. Every extra character - be it a letter, number or symbol - expands the possibility space and makes your password harder to crack. Therefore, nothing is worse than a short password, and this is made evident when you take a look at the list of rubbish passwords - only 2 of them have more than 8 characters, and even 8 is too short nowadays for real protection.
So, make your password longer! Yes, longer than what you've got already! If you're wondering whether your password is long enough...it probably isn't. Chuck on a couple of extra characters at the end.
4. The "No Numbers or Symbols" Password
Generally speaking, a longer password consisting of only letters is better than a shorter password with letters, symbols and numbers. However, longer passwords that incorporate letters, numbers and symbols are even better.
The reason behind this is that you want to maximize the number of possible choices for every single character in your password. If you have only used letters, that's 26 possible choices per character while if you use numbers, symbols and letters, that's 46 possible choices per character - this difference has an exponential impact.
5. The "L33T SP34K" Password
If you're thinking about using symbols and numbers in your password, there is one caveat you should be aware of: if your password has complete words, don't make simple letter-to-number or letter-to-symbol substitutions for individual characters.
For example, in cableCABLE, don't replace the a with @, the l with 1, the A with 4 or the E with 3. You might believe that c@b1eC4BL3 is a great password that is stronger than the original, but there's a very high chance that it actually isn't.
Cybercriminals know all the tricks in the book, so if one is trying to hack into your accounts, they're going to try these substitutions anyway.
6. The "Personal Information" Password
Whenever you're trying to come up with a new password, we must stress that you should never ever use any personal information. A great password should have no relation to you at all.
For example, a lot of people like football and baseball, both of which can be seen on the list above. If you're a big fan of either sport, it would be pretty trivial to guess.
Nowadays, thanks to social media profiles, personal details are available at the click of a finger, and this kind of access makes it a lot easier for hackers to guess weak passwords.
7. The Pattern Password
A lot of people tend to memorize their passwords by using muscle memory, so whenever they need to come up with a new password for a new account, it's always tempting for them to rely on some kind of keyboard pattern. There's absolutely nothing wrong with this as long as you do it properly. After all, muscle memory is an effective way to memorize long passwords that are otherwise nonsensical. However, please never resort to overly simplistic patterns such as 1qaz2wsx, qwerty, or qwertyuiop.
So, What Makes a Good Password?
You should have a good idea as to what makes a good password by now, but read the following criteria just to make extra sure - it won't do you any harm.
- It should be at least 8 characters long.
- It should contain special characters such as #, @, $, %, & and/or numbers.
- It shouldn't contain words found in the dictionary.
- It should use a variation of upper and lower case letters.
- It must not contain personal information such as your date of birth, phone number, spouse's name, pet's name, kid's name, or login name.
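
The weaknesses described in sections 2 to 7 and the criteria above can be checked mechanically when a password is chosen. The following is an added example, not part of the original article: the function names, the small word list and the keyboard runs are constructed for illustration, and the substitution table goes slightly beyond the four swaps the article names (it also treats 0, $ and 5 as letters).

```python
import re

# Constructed sample data (assumptions for illustration, not the article's list).
SAMPLE_WORDS = {"password", "football", "baseball", "cable", "welcome", "dragon"}
DEFAULTS = {"password", "admin"}
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "1qaz2wsx3edc"]
# Undo simple "leet" swaps: the article's @, 1, 4, 3 plus a few assumed extras.
LEET = str.maketrans({"@": "a", "4": "a", "1": "l", "3": "e",
                      "0": "o", "$": "s", "5": "s"})


def has_run(pw, min_len=4):
    """True if pw contains min_len consecutive keys of a run, in either direction."""
    low = pw.lower()
    for run in KEY_RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in low:
                    return True
    return False


def has_word(pw):
    """True if pw contains a sample dictionary word once leet swaps are undone."""
    plain = pw.lower().translate(LEET)
    return any(word in plain for word in SAMPLE_WORDS)


def audit(pw, personal=(), min_len=8):
    """Return the weaknesses from the article that pw exhibits (empty list = none found)."""
    issues = []
    if pw.lower() in DEFAULTS:
        issues.append("default")
    if len(pw) < min_len:
        issues.append("short")
    if has_run(pw):
        issues.append("pattern")
    if has_word(pw):
        issues.append("dictionary")
    if not re.search(r"[^A-Za-z]", pw):
        issues.append("letters-only")
    if pw == pw.lower() or pw == pw.upper():
        issues.append("single-case")
    if any(p and p.lower() in pw.lower() for p in personal):
        issues.append("personal")
    return issues
```

Note that c@b1eC4BL3 is still flagged as a dictionary word, because the check reverses the substitutions before looking the word up. An empty result only means none of these specific checks fired.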