Last June, it was reported that a Russian hacker had stolen over 6.4 million encrypted passwords from LinkedIn, a very popular business-oriented social networking site. The hacker posted the passwords, without any usernames, to prove he had actually done the hack.
Of course, it was important news for anyone who was a LinkedIn user, but even more interesting were some follow-up reports that analyzed the passwords, giving us a glimpse of what people are using to keep their accounts safe in this modern Internet age.
To give you an idea, here were the top 10 being used on LinkedIn:
Now here’s what I don’t get…
Most people have now been using the Internet on a regular basis for at least 10 years (since the early 2000s), and unless they’ve been hiding under a digital rock somewhere, have no doubt seen the plethora of warnings on how they should “always create secure passwords”.
Does this top-10 list look like a set of secure passwords to you?
Nope, me neither.
And it led me to realize that as much as we know it’s important to have secure online passwords, many of us are just not doing it.
And that’s a very dangerous thing.
Although I talk about creating passwords in other articles on this site, as well as in my book called Staying Safe on the Internet, I sure don’t think it will hurt anything to again relate some ideas about passwords here.
So here are some facts about hackers and passwords, followed by rules you can learn about making the best password for yourself.
- Hackers have had years to come up with lists of “bad passwords” they use in programs designed to try and hack your accounts. A bad password is one that is easy to guess, and typically consists of short, single, commonly used words that can be found in the dictionary. In fact, many hackers use sophisticated algorithms that actually take dictionary words and combine them into phrases as they try to get into your accounts.
- The first rule is… your password should NOT consist of regular words, or even phrases of regular words, but should be a series of unrelated letters.
- If you were to strictly follow the rule of this first lesson, you could almost stop reading right here. But let’s pretend you don’t, and continue with additional lessons that support the above rule.
- To make them easy to remember, many people use passwords made up of information they can relate to, such as family birthdays, job titles, street names, etc. As you might guess, hackers look for this and commonly use words from personal information to try and crack your accounts.
- The second rule is… don’t use anything that can be related to you as a password.
- Passwords in most online systems are case-sensitive, meaning that an upper-case character is different than the same lower-case character. Therefore, by using both upper and lower case characters you increase the difficulty in having your password guessed.
- The third rule is… your password should contain BOTH upper and lower case letters.
- Although many online systems are a bit picky about using “special characters”, such as a colon or an exclamation point, in passwords, almost all of them allow you to at least use numbers, which when interspersed with letters can be very effective in creating a good password.
- The fourth rule is… use some numbers in your password.
- Hackers know that another easy password for us to remember is one created from a sequence of letters, numbers, or words. Examples would be 12345, ABBCCC, or ilovepopcorn.
- The fifth rule is… avoid using letter, number, or word sequences for your password.
- Most online systems require that your password be at least 8 characters long, and most experts agree that the longer the password, the longer it takes a hacker algorithm to crack it.
- The sixth rule is… your password should be AT LEAST 8 characters long, if not longer.
- Hackers also know that we tend to use the same password for multiple accounts. They count on this, and if your password gets hacked in one account, chances are the culprit will attempt to use that same password to access your other accounts.
- The seventh rule is… use a different password for each of your accounts.
- Finally, since online accounts can be broken into, and passwords stolen, it’s a good idea to change your password on a regular basis, say perhaps two or three times a year.
- The eighth rule is… change your password on a regular basis.
By now, you’re probably overwhelmed with rules. But before you throw up your arms and just go back to using “12345”, here’s how I incorporate the above rules into a way of making a password that’s secure, and yet fairly easy to remember.
(1) Think of the first line of a favorite poem or song.
- For example, “Oh say can you see by the dawn’s early light”.
(2) Extract out the first letter of each word.
- For example, “oscysbtdel”.
(3) Take any letter that looks like a number and translate it. Examples of letter-to-number substitutions might be:
- L is a one
- S is a five
- O is a zero
- For example: 05cy5btde1
(4) Add a meaningful number, such as a “lucky number” to the beginning and the end.
- For example: 605cy5btde16
(5) Make the first letter (not a digit) upper case.
- For example: 605Cy5btde16
- It has no meaningful words
- It has nothing that can be related to me personally
- It has both upper and lower case characters
- It includes both numbers and letters
- It does not have any sequences of numbers, letters, or words
- It’s at least 8 characters long
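As an added example (not code from the article), here are the five steps above written out as a small Python script, followed by a checker for the mechanical rules (three through six). The phrase, the letter-to-number table and the lucky number 6 are the article’s own; the function names and the sequence-detection heuristic are my assumptions.

```python
import re

# Step (3): the article's own letter-to-number substitutions; extend with your own.
LETTER_TO_DIGIT = {"l": "1", "s": "5", "o": "0"}


def first_letters(phrase: str) -> str:
    """Step (2): take the first letter of each word, lower-cased."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalpha())


def mnemonic_password(phrase: str, lucky: str, mapping=LETTER_TO_DIGIT) -> str:
    """Steps (1)-(5): phrase -> first letters -> digit substitutions ->
    lucky number at both ends -> first letter upper-cased."""
    core = "".join(mapping.get(ch, ch) for ch in first_letters(phrase))
    candidate = f"{lucky}{core}{lucky}"            # step (4)
    for i, ch in enumerate(candidate):            # step (5): first *letter*, not digit
        if ch.isalpha():
            return candidate[:i] + ch.upper() + candidate[i + 1:]
    return candidate


def has_sequence(pw: str, run: int = 3) -> bool:
    """Rule 5 heuristic (assumption): flag runs of consecutive characters such as
    '123' or 'abc', and runs of the same character such as 'ccc'."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        diffs = [codes[j + 1] - codes[j] for j in range(i, i + run - 1)]
        if all(d == 1 for d in diffs) or all(d == 0 for d in diffs):
            return True
    return False


def rule_violations(pw: str, min_len: int = 8) -> list:
    """Check a candidate against rules 3 (mixed case), 4 (digits),
    5 (no sequences) and 6 (length). Returns an empty list when it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("shorter than 8 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("missing upper or lower case")
    if not re.search(r"\d", pw):
        problems.append("no digits")
    if has_sequence(pw):
        problems.append("contains a character sequence")
    return problems


if __name__ == "__main__":
    pw = mnemonic_password("Oh say can you see by the dawn's early light", "6")
    print(pw, rule_violations(pw) or "passes rules 3-6")
```

Rules one, two and seven (no dictionary words, nothing personal, one password per account) cannot be checked by a script like this; they depend on what you know about yourself.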
Now granted, this is still not the easiest password to remember. But with a bit of practice you could do it. All you have to do is get used to the letter-to-number conversions that you thought up, and then just say that phrase to yourself as you’re typing.
But what about using different passwords for all of your accounts and changing your password on a regular basis?
Well, having different passwords is one rule that I don’t completely follow myself. What I instead do is use one password for my very important accounts (those that deal with finances) and another password for my day-to-day accounts (those that do NOT deal with finances).
I do, however, make it a point to change my passwords at least every 6 months or so.
So there you have it. Another lecture on creating secure passwords. Ho Hum… 🙂
If you’d like more information about making the best passwords, here are some good articles you can check out:
- Good and Bad Passwords by George Shaffer
- 25 most-used passwords revealed: Is yours one of them? by Rachel King, ZDNet
- The Top 500 Worst Passwords of All Time from WhatsMyPass.com
- 10,000 Top Passwords by Mark Burnett
- Password Haystacks – Check your password “crackability” by security expert, Steve Gibson
- Perfect Passwords – password generator also by Steve Gibson
- Best Password Managers – by Neil Rubenking, PC Magazine
As always, I’d love to hear your experiences or comments about passwords and Internet safety. You can leave them below…