I heard some of the passwords on the most commonly used list and want to make sure I use a strong enough password to protect myself. What can I do to improve the strength of my passwords?
This question was answered on June 7, 2007. Much of the information contained herein may have changed since posting.
(See our CNN video segment on this topic at: http://tinyurl.com/2rnmln )
For those that missed the recently published list of the most commonly used passwords, here they are:
#1 - password
#2 - 123456
#3 - qwerty
#4 - abc123
#5 - letmein
#6 - monkey (speculation is because it's an easy to remember 6 character
#7 - myspace1
#8 - password1
#9 - blink182 (a popular music group)
#10 - (your first name)
There is always a trade-off between security and usability whenever you try to protect anything This list of passwords shows how common it is to lean in the direction of usability over security by many users.
It goes without saying that if you are using any of the passwords on the list, it's time to make a change.
Amongst the easiest passwords to break are those that use real words because hackers can use readily available computer programs to run "dictionary attacks" which try every word in the dictionary on your account.
The best passwords are longer (at least 8 characters, 14 or more if you really want it to be hard to break), include both alpha and numeric characters and don't incorporate real words.
Most folks use simple words because they are easy to remember, so here are a couple of tips to improve the "quality" of your passwords if you don't want to remember complicated random strings of characters:
- Insert numeric characters in place of an alpha character in a real word For instance, instead of using monkey, substitute a 0 for the "o"
and a 3 for the "e" and use m0nk3y (a 3 looks like a backwards capital
E Other substitutions: 4=A, 1=L or i, 7=T) While this used to be
much more secure, hackers know that many are now using this method, so don't stop with just this first tip!
- If your easy to remember word is only 6 characters, add a couple of digits (like the year of your birth) in the middle: mon61key and to make it more difficult to break, combine the first two suggestions: m0n61k3y.
- Use your easy to remember word backwards (just make sure it isn't one of the words in the most common list, since they will also be obvious to try backwards for the bad guys) and be sure to add a few numbers yek61nom
- Add symbols such as !, ? or $ to the mix: m0nk3y!, ?yeknom, etc.
Changing your passwords on a somewhat regular basis (every 3 to 6 months), especially for very important accounts is also a good idea.
Something to consider for those that travel and use Internet cafes, hotel computers or any computer controlled by others: change the passwords to anything that you access while on the road as soon as you get home (or to a known secure system).
It's too easy for either an unscrupulous Internet cafe owner or even a random hacker to slip a simple "key logger" into any public computer to collect usernames and passwords, so play it safe and change them once you get to a secure system.
About the author
Posted by Ken Colburn of Data Doctors on June 7, 2007