Security Password - Hall of Shame

Hitting a homerun this time will hurt your batting average!

Do you think your password security is good enough to stand up to the rigors of our "Hall of Shame?" Then we invite you to check out these 4 Password fails and in this new year take a better approach to password management. 

 

Password Fail #1: Use a Simple Password

One thing that password breaches in the past have shown us is that the most widely used passwords are the dumbest. Here are the ten most common passwords:

  1. 123456
  2. May141983
  3. 123456789
  4. password
  5. iloveyou
  6. qwerty
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

It turns out that you have a good chance of getting into many peoples' accounts - and computers - by just typing "123456." Or even "password." Or just the six letters on the top row of a keyboard, "qwerty." Use something uncommon and you've reached first base.

 

Password Fail#2: Use a Password That's Easy to Guess

Let's say you have a son named "Chauncey." When you're asked for a password that has to be at least 8 characters long, you figure it's a good idea to use his name. But anyone who can view your Facebook page will see a picture with him, with a comment such as, "Here's Chauncey on the beach." That is a pretty obvious clue; many people use the names of their children or their pets as password. And these are easy enough to find as we publish more and more of our private lives in public forums.

Skip over this idea, and you get to second base.

 

Password Fail#3: Use the Date of Your Wedding (or Birthday, or Child's Birthday...)

So you got married on 6/23/2004. Since many sites require that you use at least eight characters for a password, you can change this to 06232004; that's certainly a password you'll never forget. That would be a good password, right? Not really. First, it's pretty easy to find; there are all sorts of databases containing that kind of information. Second, plenty of friends and co-workers know the date of your anniversary. Pictures on your Facebook page, details on your personal blog, or tweets like, "Happy anniversary to my sweetheart" are all giveaways. The same goes for your birthday, your child's birthday, your spouse's birthday, and so on. Don't think you can get by changing the date month to the full name (june232004) as password tools can't be fooled either

If you don’t use well-known or easy-to-guess dates as your password, congratulations, you’ve just advanced to third base.

 

Password Fail#4: Use the Same Password on Many Web Sites

It's a lot easier to remember one password than dozens of different ones, right? So you come up with one really good password and you use it everywhere: Facebook, Twitter, Amazon, eBay, PayPal... Or what if you've used it on Linkedin, eHarmony or last.fm, all sites that were recently breached? This is the main reason why cyber-criminals want to harvest passwords. If they get a user name and password and then find that it works on other web sites, they can usurp your identity, and perhaps even liquidate your assets. They can even buy things using your credit card - which is stored on, say, Amazon - and have them shipped to their addresses. When you also apply these password techniques to company accounts you can put critical business data at risk. 

If you avoid these four password failures, you’re well on your way to hitting a secure password home run.

So, if you came up batting 1000, we recommend you subscribe to our Security Blog and embrace better security passwords in the new year!