OCT 18, 2021 / Security

Longer passwords won’t save you from hackers

Strong passwords rely on complexity, not just length, so upgrading from “12345” to “12345678” won’t keep hackers at bay.

The mind-numbingly foolish “123456” has once again topped the list of most popular passwords, according to SplashData’s annual analysis of leaked passwords. The ever-popular “password” remains in second spot, while “12345” has lost third position to the far more fiendish “12345678”.

Not only does this tell us that some people continue to rely on stupid passwords, it also tells us that when they do heed the warnings about online security they upgrade to a new password that’s almost as stupid. Hackers rely on the fact that people are lazy – you’re not going to fool them with longer passwords like “1234567890”, “qwertyuiop” or the cunning “1qaz2wsx”.

A strong password relies on complexity – it needs to be both difficult for a person to guess and difficult for a computer to crack by brute force. Hacking tools work their way down the list of popular passwords like “123456” and then run through the dictionary, so even a great 20-letter word like “deoxyribonucleotides” probably won’t keep hackers out for long if they’re determined to break into your account.

People sometimes use weak passwords because they think they’ve got nothing to hide, but you’re actually putting your friends at risk by making it easy for hackers to impersonate you. Hackers know that your friends are more likely to fall for online scams, or click on infected links, if your friends think the message came from you rather than a stranger.

The best passwords are completely random, with a combination of upper and lowercase letters mixed with numbers and symbols. For example, the 14-character “j@2Gpk%LS/9tS&” is a much stronger password than a longer dictionary word. Of course it’s tough to remember a truly random password, but it’s not hard to devise passwords which are easy to remember but look like gibberish to anyone else.

One useful trick is to start with a phrase or lyric that’s easy to remember and then grab the first letter from each word. A simple nursery rhyme like Old King Cole can form the basis of a long and complicated password like “OkCwAmOs%AaMoSwH*70”. Sing along in your head as you type in your password and you’ll never forget it.

You obviously need more than one password, so you might devise a series of passwords based on different lines of the nursery rhyme. It might seem a little childish, but not as childish as sticking with “123456” as your password.
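To see why length alone is misleading, the following added example (not part of the original article) checks a password against the same stages described above: a popular-password list, a dictionary, and keyboard patterns, and reports a naive brute-force estimate alongside. The word lists, the keyboard walks and the function names are constructed for illustration; a real check would use a full leaked-password list and dictionary.

```python
import math
import string

# Constructed stand-ins for a leaked-password list and a dictionary (assumptions).
COMMON = ["123456", "password", "12345", "12345678"]
DICTIONARY = {"deoxyribonucleotides"}
# Keyboard rows, a diagonal column walk and plain sequences on a QWERTY layout.
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz2wsx3edc4rfv", "abcdefghijklmnopqrstuvwxyz"]


def naive_bits(pw):
    """Brute-force estimate: length * log2(size of the character classes used)."""
    pool = 0
    for cls in (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation):
        if any(c in cls for c in pw):
            pool += len(cls)
    return len(pw) * math.log2(pool) if pool else 0.0


def is_walk(pw):
    """True if the whole password is a slice of a keyboard walk, in either direction."""
    p = pw.lower()
    return len(p) >= 4 and any(p in w or p in w[::-1] for w in WALKS)


def assess(pw):
    """Return (stage at which a guessing tool would find pw, naive brute-force bits)."""
    if pw in COMMON:
        stage = "common-list"
    elif pw.lower() in DICTIONARY:
        stage = "dictionary"
    elif is_walk(pw):
        stage = "keyboard-pattern"
    else:
        stage = "brute-force-only"
    return stage, round(naive_bits(pw), 1)


if __name__ == "__main__":
    for pw in ["12345678", "1234567890", "qwertyuiop", "1qaz2wsx",
               "deoxyribonucleotides", "j@2Gpk%LS/9tS&", "OkCwAmOs%AaMoSwH*70"]:
        stage, bits = assess(pw)
        print(f"{pw:22} {stage:18} naive bits: {bits}")
```

The 20-letter dictionary word scores slightly higher on the naive estimate than the 14-character random password, yet it is found at the dictionary stage, which is why the estimate only means something for passwords that survive the earlier checks.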

Adam Turner