Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  We’re all still pretty bad at passwords

We’re all still pretty bad at passwords

So, what is your password?

No, don’t answer that. Really, please don’t. Partly because the whole point of a password should be that it’s a secret known only to you, but also because there’s increasing evidence that we’re still not much better at password security than we were last year.

Each year, SplashData (100-worst-passwords-top-50) puts out a report highlighting the worst — which is to say the least secure — passwords uncovered due to data breaches in that calendar year. 2018 has (sadly) been a bumper year for data breaches. That does have a minor upside, because companies are significantly more upfront about when they have some kind of data breach incident, but a much larger downside, because the results of their research are depressingly familiar reading if you’ve followed online security for any time at all.

So what were the top 10 worst passwords?

Well, if you’re using any of the following, stop it, right now:

  • 10 – iloveyou
  • 9 – qwerty
  • 8 – sunshine
  • 7 – 1234567
  • 6 – 111111
  • 5 – 12345
  • 4 – 12345678
  • 3 – 123456789
  • 2 – password
  • 1 – 123456

The worst password lists haven’t changed for years, because, ultimately, we all tend to use our computers to make our lives easier, and human beings are pretty hardwired to go for easy approaches. If it was just one hacker living somewhere on the planet manually typing in random passwords, that might work out OK, because the odds of that one dude hitting your account are going to be pretty low in a world of billions of online users.

The problem is that we’re not talking about facing off against one lone human with the same lazy traits as the rest of us. We’re talking about automated systems that approach the problem of cracking a password as simply a mathematical equation.

Easy to remember number sequences that just happen to be on the keyboard in line might seem like an elegant solution to remembering your passwords, but that also means they’re easy for miscreants to guess.

Not that they have to guess any more, because the vast majority of cracking attempts against password systems use automated approaches that can zip through every single dictionary word and keyboard number combination in a frighteningly short period of time.

This is also why using the same password across multiple sites, even if it isn’t “123456” or “password” is such a bad idea. Again, systems doing this kind of cracking will apply that password and email combination to as many services as it can hit in a few seconds, just to see what will work. All too often, it does, and suddenly you’re locked out of your email, buying sports cars in far eastern Russian bloc nations or finding your bank balance completely drained. Sometimes, while you sleep.

There’s a balance here, because nobody’s going to remember a 256 character password containing at least 50 different punctuation marks and at least one Japanese Hiragana character, but then, you really don’t have to. While it can seem as though the modern world is too complex with too many passwords to remember, you can use the approach of the crackers to help you. Which is not to say that you should counter-crack, but instead that you can use machine smarts, by way of a good password management application such as 1Password, Keepass or Dashlane to remember your passwords for you. They can generate complex passwords that you can often either paste or even auto-fill into services, and all you have to do is come up with a single, very strong password to keep those apps secure.

Yes, it’s a little bit of work to set up in the first place. But it’s a lot less work than recovering your finances, email, online social media accounts and everything else that could go wrong if you rely on a weak and common password like 123456.


Recent News

Apple typically holds a launch event in September for its new model iPhones. Whenever those new phones launch is when the new versions of its mobile operating systems launch as well. They all used to be called “iOS”, but this now encompasses iPadOS, watchOS, and tvOS. iOS itself covers phones and iPod Touch only. Usually,

Chromebooks are laptops that use Google’s Chrome browser as the basis for their operating system. We’ve discussed them before but to date most of the models sold in Australia have tended to be low cost models pitched at the education market. As a much more controlled computer there’s less that can go wrong with a

When Apple announced recently that it was going to shift from producing computers using Intel processors to its own “Apple Silicon” it also said that it would still produce some Macs with Intel inside over the next couple of years. That’s just what’s happened with the very first Mac Apple’s released since dropping its Apple

We live in an age where it’s absolutely assumed that the vast majority of your interactions with computers will be with visual interfaces – strictly speaking Graphical User Interfaces if you want to get on the jargon bandwagon – but it certainly wasn’t always that way. To get to the touch, voice and mouse-activated interfaces

Coronavirus (COVID-19) Update

Learn about the precautions we are taking and our new contactless pick-up and remote service options. Read More
Get help setting up your home office or homework area today. Learn More