Geeks2U Promise
We guarantee you'll love our fast, friendly service - or we'll refund your money.  
133,572 Happy Customers & Counting
Need tech support?
1300 769 448
Extended hours, 7 days a week
Home  /  geekspeak  /  We’re all still pretty bad at passwords

We’re all still pretty bad at passwords

So, what is your password?

No, don’t answer that. Really, please don’t. Partly because the whole point of a password should be that it’s a secret known only to you, but also because there’s increasing evidence that we’re still not much better at password security than we were last year.

Each year, SplashData (100-worst-passwords-top-50) puts out a report highlighting the worst — which is to say the least secure — passwords uncovered due to data breaches in that calendar year. 2018 has (sadly) been a bumper year for data breaches. That does have a minor upside, because companies are significantly more upfront about when they have some kind of data breach incident, but a much larger downside, because the results of their research are depressingly familiar reading if you’ve followed online security for any time at all.

So what were the top 10 worst passwords?

Well, if you’re using any of the following, stop it, right now:

  • 10 – iloveyou
  • 9 – qwerty
  • 8 – sunshine
  • 7 – 1234567
  • 6 – 111111
  • 5 – 12345
  • 4 – 12345678
  • 3 – 123456789
  • 2 – password
  • 1 – 123456

The worst password lists haven’t changed for years, because, ultimately, we all tend to use our computers to make our lives easier, and human beings are pretty hardwired to go for easy approaches. If it was just one hacker living somewhere on the planet manually typing in random passwords, that might work out OK, because the odds of that one dude hitting your account are going to be pretty low in a world of billions of online users.

The problem is that we’re not talking about facing off against one lone human with the same lazy traits as the rest of us. We’re talking about automated systems that approach the problem of cracking a password as simply a mathematical equation.

Easy to remember number sequences that just happen to be on the keyboard in line might seem like an elegant solution to remembering your passwords, but that also means they’re easy for miscreants to guess.

Not that they have to guess any more, because the vast majority of cracking attempts against password systems use automated approaches that can zip through every single dictionary word and keyboard number combination in a frighteningly short period of time.

This is also why using the same password across multiple sites, even if it isn’t “123456” or “password” is such a bad idea. Again, systems doing this kind of cracking will apply that password and email combination to as many services as it can hit in a few seconds, just to see what will work. All too often, it does, and suddenly you’re locked out of your email, buying sports cars in far eastern Russian bloc nations or finding your bank balance completely drained. Sometimes, while you sleep.

There’s a balance here, because nobody’s going to remember a 256 character password containing at least 50 different punctuation marks and at least one Japanese Hiragana character, but then, you really don’t have to. While it can seem as though the modern world is too complex with too many passwords to remember, you can use the approach of the crackers to help you. Which is not to say that you should counter-crack, but instead that you can use machine smarts, by way of a good password management application such as 1Password, Keepass or Dashlane to remember your passwords for you. They can generate complex passwords that you can often either paste or even auto-fill into services, and all you have to do is come up with a single, very strong password to keep those apps secure.

Yes, it’s a little bit of work to set up in the first place. But it’s a lot less work than recovering your finances, email, online social media accounts and everything else that could go wrong if you rely on a weak and common password like 123456.

Share

Recent News

The launch of the Apple iPhone 11 was, not surprisingly, mostly about the iPhone 11. Well, to be strict, it was about the iPhone 11, which is the entry level model, the iPhone 11 Pro, and the iPhone 11 Pro Max. However, iPhones weren’t the only topics of Apple’s heavy-handed hype at its recent launch… More 

At the IFA trade show in Berlin, I had the opportunity to go hands-on with Samsung’s new Galaxy Fold. Not for quite long enough to write a full review, given I had 45 minutes, but enough time to run through its major features, as well as to spot some of its less than stellar compromises…. More 

We’ve seen a steady increase in the capabilities of Wi-Fi over the past decade, along with a dizzying array of acronyms to go with it. If you’re au fait with the difference between, say, 802.11b and 802.11n, that’s fine — but very few folks actually are. That’s also coincided with an immense growth in the… More 

It doesn’t feel like all that long ago that my viewing choices for the evening comprised just two channels. I grew up in regional NSW, and I could pick from the local regional commercial channel, or the ABC. Programs were on, and then they weren’t. If I missed a program, too bad. My best bet… More