Why do we remain so bad at passwords?
2017 was a year of some very large security breaches across all sorts of companies, from smaller online merchants all the way up to bigger brands, such as the uber-leak that came out of, well, Uber, where a data leak saw the records of some 57 million users worldwide compromised.
As such, you would think that overall, Internet users might be becoming a little smarter about how they operated online.
Sadly, it seems you’d be wrong. Despite all the breaches, despite all the warnings about what can happen with lax security, it seems that we’re all still way too addicted to using readily guessed passwords all over the place. What’s worse, the same culprits top the lists of most commonly found passwords online, year in and year out, and 2017 was no different.
Research from Splashdata showed that the same password combination was the most commonly found bad password online. Want to take a guess what it was? I’ll put a list here, so you can try to guess:
If you guessed “123456”, congratulations. Then again, if you’re actually using 123456 as a password anywhere (or anything else in that list, which just makes up a fragment of the top (really, it should be the bottom) 100 bad passwords of 2017) then please, please, stop doing so immediately.
It’s not that hard to see why folks use simple passwords, because they’re easy to remember, after all. If you’re online, the odds are that you don’t have just one password, but probably dozens to recall.
The problem is that if you’re using an easy password, and especially if you’re using it across multiple sites and services, it’s like having one easily guessed key. Even if you’ve got a more complex password that you use in multiple places it’s a bad idea, again because it’s a single point of failure. At least with a complex password, you’ve got a base level of security. With 123456, you’re essentially inviting people to come and peer into your digital life, identity and bank accounts. I’m going to take the guess that you don’t want to do that.
If there’s one trend I’d love to see reversed in 2018, it’s the prevalence of stupid passwords, and the rise of people properly using apps such as password managers. They can compute strong passwords for you and then store them in a single vault, giving you a simple way to cut down on password clutter and keep yourself secure online. That would be an ideal way to make 2018 less of a disaster year in security terms, but it won’t happen unless individual users change their security habits.
There’s no shortage of apps to choose from, including lastpass, dashlane, 1password, keepass and others that will manage your passwords for you at low or zero cost. Just like it’s all but essential to maintain malware protection on your PC, it should be essential to maintain a clean and properly secured password regime too.
It’s sadly all too inevitable that we’ll see further security breaches in 2018, and the control of those services may be beyond your control. Securing your own access with unique passwords, ideally managed by a secure password manager can make sure that even if there is a leak, its effect on you will be minimised.