Good password = good idea
This time of year, with all the online shopping, shipping, and marketing to be done, you might find yourself signing up for several web-based products or services (like VerticalResponse). While it’s tempting to rush through these sign-up processes to place your order faster or start using the product more quickly, you want to use a strong password (or passwords) to keep your information and data secure.
With seemingly monthly data breaches of big companies like Home Depot and Target, data security is top of mind for more people. Aside from having a good password, we suggest setting up two-factor authentication (2FA) whenever possible.
You’ll want to set up 2FA on email accounts, online banking profiles, credit cards and even your social media accounts. Two-factor authentication requires two steps of verification as an added layer of security. Entering your user name and password would be considered a single factor or layer of authentication. A PIN number (something you know), ATM card (something you have) or text message would be considered a second factor.
Google makes 2FA easy by sending a random confirmation number to your preregistered mobile number to input into their sites before you are allowed to log in. The recently announced Apple Pay is also a huge step forward for 2FA because it uses your fingerprint to authenticate your transaction.
On the flip side of high security, Mashable unveiled its “25 Worst Passwords of the Year” from 2013, which highlights some of the worst and most hackable passwords. If you see your password on here, it might be time for a new one!
SplashData, the company behind all the data, compiled their list “from files containing millions of stolen passwords posted online by hackers” and stated that “Hackers can easily break into many accounts just by repeatedly trying common passwords.” So when they say “worst,” they mean the most common, and therefore the most easily stolen.
Here’s the list:
- 123456
- password
- 12345678
- qwerty
- abc123
- 123456789
- 111111
- 1234567
- iloveyou
- adobe123
- 123123
- admin
- 1234567890
- letmein
- photoshop
- 1234
- monkey
- shadow
- sunshine
- 12345
- password1
- princess
- azerty
- trustno1
- 000000
We are a little disappointed not to see “opensesame” on this list. Wait, we’ve said too much…
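For anyone running a sign-up form, here is an added example (not part of the original post and not VerticalResponse's code) of refusing the passwords on this list, including lightly disguised variants such as “P@ssw0rd” or “Monkey2014!”. The substitution table, the function names and the digit-run rule are assumptions and go a little beyond the list itself; passing the check only means a password is not on the list, not that it is strong.

```python
import re

# The 25 entries from the list in this post.
WORST_PASSWORDS = frozenset("""
123456 password 12345678 qwerty abc123 123456789 111111 1234567 iloveyou
adobe123 123123 admin 1234567890 letmein photoshop 1234 monkey shadow
sunshine 12345 password1 princess azerty trustno1 000000
""".split())

# Assumed set of common look-alike substitutions, undone before the lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def variants(password):
    """Return the normalised forms of a password that are looked up in the list."""
    base = password.strip().lower()
    forms = {
        base,
        re.sub(r"[\W_\d]+$", "", base),  # drop trailing digits/symbols: "monkey2014!" -> "monkey"
        re.sub(r"^[\W_\d]+", "", base),  # drop leading digits/symbols: "123qwerty" -> "qwerty"
    }
    forms |= {form.translate(LEET) for form in forms}
    return forms - {""}


def is_trivial_run(password):
    """True for one repeated character or a straight ascending digit run."""
    if len(set(password)) == 1:
        return True
    return password.isdigit() and password in "1234567890" * 3


def check_password(password):
    """Return (accepted, reason) for a candidate password at sign-up time."""
    if is_trivial_run(password):
        return False, "repeated character or digit sequence"
    hit = variants(password) & WORST_PASSWORDS
    if hit:
        return False, "variant of common password: " + sorted(hit)[0]
    return True, "not on the common-password list"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real account.
    for sample in ["P@ssw0rd", "Monkey2014!", "45678", "violet-kettle-orbit-lantern"]:
        print(sample, check_password(sample))
```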
Google also provides some helpful do’s and don’ts for creating stronger, more secure passwords including the following:
- Use a unique password for each of your important accounts
- Change your password often
- Use a mix of letters, numbers, and symbols in your password
- Don’t use personal information or common words as a password
- Make sure your backup password options are up-to-date and secure
- Keep your passwords secure
If you feel like you won’t be able to remember several different logins, use an online password manager to help you keep track. Hopefully this post is just a friendly refresher course on password and data security. But, if your password does happen to be “password,” go ahead and change it; we won’t tell anybody.
Post originally published December 12, 2011 – Updated November 28, 2014
© 2014 – 2018, Contributing Author. All rights reserved.
If you use a procedure to generate your passwords (as Devon suggests), if one of them falls into the wrong hands, the others are automatically at risk.
For example, if I was in the business of hijacking accounts, and I learned that your Twitter password was 1:mnij:twt, I’d be straight off to eBay to try 1:mnij:eby, to Hotmail to try 1:mnij:html, etc.
key to a great password you can easily remember:
1. come up with a phrase of 3-5 words; “My Name Is Joe”.
2. make your phrase an acronym; “mnij”.
3. add at least one number and one symbol to the beginning; “1:mnij”.
4. add another symbol to the end followed by an abbreviation to the site you are making the password for; “1:mnij:fb” (for facebook) or; “1:mnij:twt” (for twitter).
5. enjoy your easy-to-remember password that is damn near impossible for anyone to figure out
Great article. I notice that common passwords are quickly spammed. It’s good to know this list and need to make sure our passwords are different every time.
Using a special password tool is the best to use.
It would be impossible for me to remember a different password for every single service and site I use.
I see ‘Orun’ beat me to it, but it’s worth repeating. People tend to overdo things to their own detriment.
https://xkcd.com/936/
This is too funny. GUILTY on about 4 on that list! Ugh.
I am always surprised at the number of people I visit whose password is just that: “password”. I even had one elderly gentleman who told me he used it for his online banking!!!
do you also have the list of the UserId with 123456?
no my password isn’t qwerty 😉
I used a tool called KeePhrase, it makes passwords out of classic literature. Easy to remember: https://keephrase.com/
Is 12345 the same as 123456?
I’m in all sorts of trouble!
Regards,
Ashley Michael Bailey
A good idea to form a password is the use of a long phrase using the initial letters. Eg;
I am single my income is $60K and work @ IT = Iasmii$6Kaw@IT. You won’t forget it and is secure. A generator has the inconvenience of not remembering it.
Good Password = not using one of the 25 passwords on this website.
Good Password = not giving a hacker a list of 25 possible passwords.
Good Password = something that is unique to you and doesn’t come from a list generated from a website.
Good Password = one you don’t share in the comments section of a website b/c you see that it is on the list above.
I keep all mine slightly different so cracking one doesn’t mean they are all cracked, but it is easier to remember
THEORY: “multiple passwords” is a plot conceived by your bank. It keeps them safer (at least as far as legal obligations) but not you because now you have to record all your passwords somewhere. Which is at least as big a security hole as having one good pw.
I didn’t think many people besides me used monkey as a password…haha weird
I think it’s funny that “ashley” is so high on the list. What does that say about people named Ashley?
passwords are so old hat, no passphrases however…
Or you can do what I do. Don’t put anything valuable on the internet. Then you don’t have to worry about getting your password stolen.
a cool way to make a seemingly complex password is to shift one key to the left (or right) of each letter of a word you are sure to remember, for example –> sunday –>[shift right]–>dimfsu … taa daa
That’s why I use a password generator!
RoboForm try out the free version, then go pro. All passwords generated and locked in under one password. Back up regularly for safe keeping.
“Through 20 years of effort, we’ve successfully trained humans to create passwords that are hard for humans to remember, and easy for computers to guess” – xkcd
https://xkcd.com/936/
RE: hard for humans to remember, and easy for computers to guess
And that’s why you make passwords that are easy for humans, but difficult for computers. Length is the only way to do that, complexity be damned.
1like2ridemybike@CentralParkinBudapest
is much better than
Ae8&^l
The first password would take roughly 1.3 x 10^41 days for a single computer to crack. Essentially, never. The second, and much more difficult password to REMEMBER will take about half a MINUTE to crack.
o_0