The Worst Passwords of 2017
Creating a password for your business or personal account is not exactly an enjoyable endeavour. When you have to do it for a number of different accounts, the psychological tendency is to either use one password for multiple login credentials or take the easy route by creating what pops into your mind.
Off the top of anyone’s head, the choice is unlikely to be ‘myson’sahacker*13’ or ‘iforgotforthe100thtime’ and far more likely to be ‘1234567’ or ‘iloveyou’, both of which made it to security applications provider Splash’s list of the ten worst passwords of 2017. Others included qwerty, 12345, football, letmein and different permutations of ‘123456789’. The generic set of numbers has been making Splash’s list over the years, indicating that the importance of secure passwords is yet to be widely acknowledged.
Some of the other terrible passwords discovered by Splash are:
A common objection to using what may be perceived as ‘complex’ passwords is that they are hard to remember, and this is a legitimate concern. But can you create a password that is difficult to guess yet easy to remember, or at least not impossible to recall when you need it most?
Absolutely. Consider these techniques:
The slightly difficult one: Think of a sentence/phrase that you can remember easily. This could be a destination you love, an important milestone in your life or a line from a movie, book or speech that stuck with you. Best to avoid ‘maytheforceBwithu’, ‘howyoudoin’, ‘stayhungrystayfoolish’ and the more celebrated quotes that you can bet savvy hackers will know!
Capitalise one or more characters, ideally not just the first and last. Add a number, ampersand, dot or other special characters. See if you can add punctuation where it fits naturally in your string, and try to replace some words with numbers, such as ‘for’ with ‘4’.
Person-Action-Object (PAO) method: The PAO method works like this:
- Choose an image of an interesting place (eg: a football stadium)
- Select a photo of a famous or familiar person (eg: Richard Branson)
- Imagine a random action connecting the two to create a PAO story (eg: Richard Branson rolling around in a football stadium)
Use a random password generator: Visit a random password generator website and create 10 passwords of at least 10 characters in length that include capital letters and numbers. Say the passwords in your head and identify the phonetic ones that easily stick in your memory. These are the ones you are more likely to recollect when required.
Create a password out of random words: If your account allows for a longer passphrase, for instance a 12-word seed, string together random simple words/names/brands that form a phrase that’s locked in your head. Here again, avoid phrases or lines from movies or literature. Examples: dog snow fun gift bridget jones marks and spencer creep live on.
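As an added example (not part of the original article), the random-generator and random-word techniques above can also be run locally rather than on a website. This Python sketch uses the standard-library `secrets` CSPRNG; the function names and the 16-word sample list are constructed for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

# Constructed sample word list (assumption). A real list should hold
# thousands of words so that each pick contributes more entropy.
WORDS = ["dog", "snow", "fun", "gift", "bridge", "lamp", "river", "cloud",
         "stone", "maple", "tiger", "piano", "candle", "orbit", "velvet", "harbor"]


def random_password(length=10):
    """Return `length` random characters with at least one upper, lower and digit."""
    if length < 10:
        raise ValueError("the article asks for at least 10 characters")
    while True:  # rejection sampling keeps the result uniform over valid strings
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isupper() for c in pw) and any(c.islower() for c in pw)
                and any(c.isdigit() for c in pw)):
            return pw


def candidates(count=10, length=10):
    """The batch of candidates to read through and pick a memorable one from."""
    return [random_password(length) for _ in range(count)]


def passphrase(n_words=12, words=WORDS):
    """Pick n_words independently and uniformly from the word list."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(choices, picks):
    """Upper bound on entropy for `picks` uniform draws from `choices` options."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    for pw in candidates():
        print(pw)
    print(passphrase())
    print(f"10 chars from {len(ALPHABET)} symbols: ~{entropy_bits(len(ALPHABET), 10):.1f} bits")
    print(f"12 words from {len(WORDS)} words: {entropy_bits(len(WORDS), 12):.1f} bits")
```

The entropy figures show why word-list size matters: twelve words from this 16-word sample list give 48 bits, less than ten random alphanumeric characters.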
Another option is to create a sentence in a foreign language, for instance, makesureyousaySalud4ever or no1canknowitporfavor. There is of course scope to get creative but do stick to foreign words you’re familiar with rather than picking one online that may not come to you easily.
Even as you secure your accounts with strong passwords, follow other best practices to keep social engineering at bay. That includes using only a secure HTTPS connection, checking for the padlock in the address bar and never sharing your passwords by mail.