50% of People still use "12345" as Password

Here's a story I wrote for my work website but I thought you all would like it as well. Are you one of those people who have a horrible password? I know I am :( If you need me, I'll be updating a few of my passwords. Enjoy this top 10 list of the dumbest passwords.

Simple and poor passwords can be cracked in a matter of seconds using a password cracking program.  Cracking programs have the ability to guess passwords by trying words from a plain dictionary or hybrid dictionary.  Another method involves trying a shortlist of common passwords and combinations.  To really maximize chances, hackers use the widely known “Brute Force” method to attempt every possible character combination as a password.

If you’re using one of the passwords listed below, stop reading and go change it right away:

1.    Password
Using “password” as a password is a big no-no.  It defeats the entire purpose of passwords.  To a hacker, this faux pas is just as ironic and inviting as having a post-it on your back that says, “Don’t taunt me.”  By using “password” or any of its predictable derivatives (e.g., “passw0rd”, “PaSsWoRd”, “pass”, “passwd” or “mypassword”), you submit yourself to swindling.   Other unsuspecting companions that share in the vulnerability of “password” include “login”, “default”, “temp”, “test”, “access” and “administrator”.

2.    Your Name
Don’t be an accessory in your own defrauding by using your name as your password.  Adding a digit like “1” to the end of your name will make the password at most, a stronger weak password.  Though, it may win the approval of a password setting program, it will win hackers the access to your e-data too.

3.    Keyboard Patterns
Don’t spell out your password by having it in plain view on a keyboard.  Simple keyboard patterns like “qwerty”, “qazwsxedc”, “asdsa”, “123qwer”make the large list of poorly chosen passwords because it’s visually memorable.  Also, using unadorned numeric sequences like “12345” or “123123” is basically spoon feeding your password to a hacker.  The least you can do is give them a run for your money by using an unobvious keyboard pattern and tossing in some digits and uppercase letters at random.  A more nifty way to generate a character-diverse password is by choosing a sentence like “I ate 5 baby carrots for breakfast today, Lisa”.  Next, turn the sentence into a password by substituting letters with numbers where possible.  You may end up with something like this: “Ia5bc4b2d,L”.

4.    Pop Culture References
Passwords like “jolie_pitt1” and “familyguy” are not the best choices when it comes to passwords.  They are as personal and noteworthy to you as they are to their legion of globewide fans.   Anything universal that has hit the mainstream with any sort of media craze should be discounted as a password.  That includes anyone on Hollywood’s A-list and fashion fads (e.g., “louis_vuitton”).  Also, refrain from using any public information made available through online profiles as your passwords.  (e.g., favorite foods, music, TV shows, books and movies).

5.    Stuff on Your Desk
Password creation can have a way of bringing out the writer’s block in you, but don’t resort to monumental pieces or conspicuous scribbles on your desk for ideas.  Using the word “Toshiba” because it’s scrawled across your desk is not wise.  It’s as clever as “hiding” your spare key under the doormat.

6.    &$@^!! (Curse Words)
I’m sure the F word resonates with most people in all its foulness, which is why it is considered an iconic English word.    It turns out that to many, the forbidden F word and its line of profane relatives make colorful and memorable passwords.  Hackers are two steps ahead of you however, already having such obscenities listed in their dictionary of common passwords.

7.    I Don’t Care About Security
Not surprisingly, 3 % of all passwords are words like “whatever” or “blah.”  This breaks the rules of password security on three levels:

a)    Using easy dictionary words.
b)    Not including at least one alphanumeric character and change of case.
c).    Not caring that someone can destroy your online presence and harvest your personal information for criminal gain.

The first two may roll right off your shoulder, but number 3 is kind of important.

8.    The Nerd Factor
Passwords like “yoda” of Star Wars or “azeroth” of World of Warcraft break the same rule that pop culture passwords do:  using popular words that have reached a critical mass.  Before you use a password like “PrincessLeiA”, consider the possibility that hackers may have already identified the popular trend of immortalizing this princess into a password.

9.    Sports
Favorite sports teams – we talk about it in the office, the locker room, online, at home, at local restaurants and hangouts.  Some take it upon themselves to do personal branding, sporting t-shirts with team name and logo on chest and a cap to match.  A hacker paying attention to what you have to say and display, can take a hint however.  They can try password possibilities of your favorite sports teams or use it as an answer to a password recovery question.

10.    The Number/Letter String
These make the “hacker dictionary” of common poor passwords.  Passwords like “zzzz” or “222222” hardly qualify as a password combination.  How hard is it to input six sixes or eight eights? Easy.  And how hard is it to crack a password of six sixes or eight eights? Even easier.

So, now that you know what makes a bad password, you might be wondering what exactly constitutes a strong password.

What makes a good password?
•    It must be 7 or 8 characters long – minimum.
•    Consist of both uppercase and lowercase letters.
•    Consist of both letters and digits.
•    Consist of symbols (e.g., #*+&,@:) and blank spaces if permitted.
•    Are memorable (avoid writing it down on paper).
•    Should not exhibit a pattern (e.g., asdf321).
•    Should not be used across multiple accounts.
•    Should be reset regularly (every 90 days at the least).
•    Should not be disclosed to anyone.