And the top 10 passwords are ……:
If you are using any of these passwords, you MUST change it as soon as possible for a robust one.
By robust, I mean:
– Difficult to brute-force (trying every possible combination with significant processing power: aaa, aab, aac, aad, and so on. Easy to do with current technology…)
– Difficult to guess (if the first 3 letters are oba, most probably the next 2 will be ma: obama. Guessing is done with statistics and words from dictionaries; a guessable password has low entropy, however long it is)
Do NOT:
- Write down your password on a piece of paper and stick it on your computer (too many people and enterprises are still doing it…).
- Use the same password across multiple services. If one service is compromised, you could lose all the other accounts!
- Share your password with anyone else. You may trust your friends, colleagues and family, but they may not have as good practices as (hopefully) you have to keep it secret.
- Send your password to your email provider or any other service that asks for it "for double checking", "to repair something" or for any other reason. Do not share it! Most probably it is just SPAM or a SCAM… Professional providers will NEVER ask you for your password.
Do NOT use as a password:
- Names:
  - of yourself, including nicknames or login name (even in reverse or any other order);
  - of your relatives;
  - of fictional characters or popular movies (The Lord of the Rings, Star Trek, etc.);
  - of any place or proper noun.
- Numbers, including:
  - your phone number;
  - your social security number;
  - anyone's birthday;
  - your driver's licence number or licence plate;
  - your room number or address;
  - any common number like 3.1415926;
  - any mathematical series such as 1234 or 2468, etc. (a computer will be better than you at this game).
- Any word in any dictionary in any language in any form, including slang, obscenity or even technical jargon.
- Any common phrase such as "Thank God, it's Friday" or "So far so good", etc.
- Simple patterns, including:
  - passwords of all the same letter;
  - simple keyboard patterns (qwerty, asdfjkl).
- Any information about you that is easily obtainable:
  - favorite color;
  - favorite rock group.
- Any object that is in your field of vision at your workstation.
- Any password that you have used in the past.
Do:
- Change your password frequently (every 3 to 6 months), and immediately if you suspect it has leaked.
- Use both UPPER and lower case letters.
- Use numbers, letters and special symbols (!@#$%^&*).
- Create simple mnemonics (memory aids) to help you remember your password:
  - "Ial 4g miPA$$." for "I always forget my password." (14 characters with UPPER and lower case, letters, numbers and special symbols, including spaces);
  - "HmPwaCciaCccP?" for "How many passwords would a cracker crack if a cracker could crack passwords?" (from the MIT example).
- Use misspelled words (Whut ru tolqing Abut?).
- Use a minimum of eight characters. Some even recommend at least 15 characters. In any case, in most situations, the longer the better.
- You could use your own standard rule to change your password slightly for each service:
  - "Ial 4g miPA$$." could become "Ial 4g-GO miPA$$." for your Google account and "Ial 4g-AM miPA$$." for your Amazon account. Keep in mind that if one of these variants leaks, the pattern is obvious to whoever reads it, so the other variants are no longer secret either.
Some people recommend using password wallets (password managers) to avoid having to remember several passwords for different services. It is basically a small piece of software installed on your computer or smartphone that keeps a record of all your passwords and is protected by one super-strong master password (the only one to remember).
I am not a big fan of this software: protecting your own computer from any compromise is not an easy job, and you need to really trust this software to put all your eggs in the same basket…
Actually, for non-critical passwords, it might even be safer to write them down on a small piece of paper and keep it in your wallet, as most attacks come over the Internet or from someone having physical access to your computer.
The best will always be to keep it in your head. And if you forget it, just reset it.
If you want to see what a robust password could look like, I recommend this Strong Password Generator. However, it may be risky to use it, as you cannot be sure whether this website keeps a record of all the generated passwords in its database (probably not, but as an informed user you should now doubt everything).
And to see how secure your password would be, I recommend using this service. But here again, you cannot be sure whether the website keeps a record of what you enter.
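As an added example (not code from the original post), the following Python script applies the rules above locally, so nothing has to be typed into a website: it estimates the brute-force search space of a password, flags the guessable patterns listed above (dictionary words, even after @/$/0/1/3/4 substitutions, personal information in either direction, keyboard rows, simple sequences, repeated characters, missing character classes), and generates a password from the operating system's random generator. The small wordlist and the personal details it checks against are constructed for the example; a real check would load a full dictionary.

```python
import math
import re
import secrets
import string

# Constructed mini wordlist standing in for "any word in any dictionary";
# a real check would load a full wordlist such as /usr/share/dict/words.
DICTIONARY = {
    "password", "obama", "friday", "dragon", "monkey", "letmein",
    "welcome", "football", "thanks", "good", "star", "trek",
}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
SYMBOLS = "!@#$%^&*"
# Common substitutions undone before the dictionary check (P@$$w0rd -> password)
LEET = str.maketrans("@$0134", "asoiea")


def charset_size(pw: str) -> int:
    """Alphabet an attacker must cover in the aaa, aab, aac... brute-force search,
    based on the character classes actually present."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33  # printable ASCII punctuation plus space
    return size


def brute_force_bits(pw: str) -> float:
    """log2 of the candidates a pure brute-force attack must try. This is an
    upper bound: a guessable password (pattern, word, birthday) falls far sooner."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def _has_sequence(low: str, run: int = 3) -> bool:
    """True if `low` contains `run` consecutive characters stepping by a constant
    +-1 or +-2 (abc, 1234, 2468, 4321) or a keyboard-row fragment (qwe, asdf)."""
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if len(steps) == 1 and steps.pop() in (1, -1, 2, -2):
            return True
        if any(chunk in row or chunk in row[::-1] for row in KEYBOARD_ROWS):
            return True
    return False


def weaknesses(pw: str, personal: tuple = ()) -> list:
    """Return the rules from the post that `pw` breaks (empty list = none found).
    `personal` holds what an attacker can learn about you: names, nicknames,
    birthdays, phone numbers, licence plates..."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("no mix of UPPER and lower case")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in SYMBOLS for c in pw):
        problems.append("no special symbol")
    if len(set(low)) == 1:
        problems.append("all the same character")
    if _has_sequence(low):
        problems.append("keyboard pattern or simple sequence")
    letters = re.sub(r"[^a-z]", "", low.translate(LEET))
    for word in DICTIONARY:
        if len(word) >= 4 and word in letters:
            problems.append(f"contains dictionary word: {word}")
            break
    alnum = re.sub(r"[^a-z0-9]", "", low)
    for item in personal:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 4 and (token in alnum or token[::-1] in alnum):
            problems.append(f"contains personal information: {item}")
    return problems


def generate(length: int = 16) -> str:
    """Local stand-in for a web password generator: draws from the OS CSPRNG
    (secrets), sends nothing anywhere, and retries until no rule is broken."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(pw):
            return pw


if __name__ == "__main__":
    # Constructed personal details for the demonstration
    me = ("Obama", "1961-08-04", "BADFOOD")
    for candidate in ("password123", "qwerty", "Amabo2008!", "ThanksGodItsFriday", "Ial 4g miPA$$.", generate()):
        print(f"{candidate!r}: ~{brute_force_bits(candidate):.0f} bits brute force, "
              f"weaknesses: {weaknesses(candidate, me) or 'none found'}")
```

The mnemonic "Ial 4g miPA$$." from the post passes every check and sits near 92 bits of brute-force search space (14 characters over a 95-symbol alphabet), while "ThanksGodItsFriday" is longer but is caught by the dictionary rule and "Amabo2008!" by the reversed-name rule. The brute-force figure is only an upper bound on the attacker's work; the pattern checks are what separate a robust password from a merely long one.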
And you, what are your tips to choose a good password?