The weakest point in any security system is people. Whether it be weak passwords, no passwords at all, falling for social engineering attacks, etc., passwords are the first line of defense from people getting access to your account. Generally people’s passwords are quite weak. According to the Huffington Post, the most common passwords of 2016 are “truly terrible”, just to list a few:
- 123456
- 123456789
- qwerty
- 12345678
- 111111
- 1234567890
- 1234567
- password
- 123123
- 987654321
As these passwords are easy to remember, they are SUPER insecure. They make for good passwords for temporary use that will expire on first time logon or something of that nature. A password should be at least 8 characters long, consist of at least 1 capital letter one number and one special character (!@#$%^&*), but even when people follow these rules they still make somewhat weak passwords.
I say this because the passwords that are made following the rules usually consist of a name of something that is close to them (such as a pet) or even their own name. Capitalize one of the letters, and then for some numbers it could be a combination of their birthdate or birthdate of someone close to them, or some sort of combination of numbers that has some sort of significance to them, and then the most common special character used is the “$”.
Making Better Passwords
Some ways to get past conundrum would one to just grab a book and just grab a random line of text and apply some capitals, numbers, and special characters. Make sure you can remember the password without writing it down: one way would be just to use a password manager such Lastpass.
Most of if not all these services come with password generators which will generate random and secure passwords, then store them in their program behind their encryption. These managers remember all your passwords so you don’t have to, but more importantly the passwords will be secure ones.
Working in IT and in the midst of running around and helping people with their computer problems, I’ve noticed that a lot of people write their passwords to important accounts on sticky notes around their workstation. If you are one of those people who writes passwords on sticky notes, please stop. These password managers are so much more secure; someone can easily just walk up and either just take the sticky note or take a photo of it.
If a digital password manager doesn’t sit right with you there are also physical ones thast keep passwords offline. There are sites such as haveibeenpwned (https://haveibeenpwned.com) that will tell you that if any of your usernames or emails might have been part of a site that was breached. It will tell you about those breaches and when they happen: such as what might have been taken. There are also sites such as howsecureismypassword (https://howsecureismypassword.net/) that will well test and tell you how secure your password is it will tell you how long it will take to bruteforce your password. It will also give you tips on creating better passwords.