Passwords Not to Use


This Tuesday the password management company SplashData released its annual list of the worst passwords that people have used in the last year.

They looked at 3.3 million passwords that were leaked last year and came up with a list of the most commonly hacked passwords.

The Most Hacked Passwords

So here is the list of the top 25 most hacked passwords of last year:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 1234567890
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

Although they may seem logical, many of these would be pretty easy to guess.  Many web sites also take the extra precaution of allowing only so many guesses before they lock you out for a while.

My bank, for instance, will lock you out for three hours after 3 mistaken tries but doesn’t tell you this unless you talk to them on the phone.

More Tips On Passwords

Here are some tips for creating, and just as importantly remembering, the password that you create.

Has 12 Characters, Minimum: Security experts are now recommending that you choose a password that’s at least this long or even longer.

Include Numbers, Symbols, Capital Letters, and Lower-Case Letters:  Use a mix of different types of characters to make the password harder to crack.

Use Different Username and Password Combinations for Different Websites:  One thing that I have found useful is to use varying degrees of difficulty depending upon the account I am trying to protect.

For instance, the password to my frequent shopper card at the local grocery is pretty simple.  That account has no information that I am concerned about anyone seeing.

But the password that I use for my bank is long and complicated.  I don’t want anyone to get into that account.

Use a Password Manager:  A password manager can both protect your passwords and generate new ones that are random, which makes them harder to guess.

I’m not sure that I agree with this suggestion, though.  A password manager needs to be stored somewhere on some device.  If you lose that device it can be a problem.

You are also going to need a rock-solid password that you are going to need to remember to use the manager.

Not Exclusively a Dictionary Word or Combination of Dictionary Words:  You should avoid obvious dictionary words or combinations of dictionary words.   Using a combination of a few words, especially if they’re obvious, is also bad.

Any word on its own is especially bad.  You’ll notice that almost half of the passwords in the list above are single words.

Doesn’t Rely on Obvious Substitutions:  Don’t use common substitutions, either.  For example, “H0use” isn’t strong just because you’ve replaced an o with a zero. That’s just obvious.

How To Create A Strong Password

One way to create a strong password is by creating a phrase.  The space between each word is also a symbol, which will make it harder to crack.

The important thing is to avoid using phrases that are common or grammatically correct.  Also try to avoid phrases, like street names, that someone might guess, especially if they are somehow connected to you.

So a phrase like “big red apples” wouldn’t be a good one.  But a phrase like “garlic sugar cars” would be stronger.  You could also capitalize the a’s and add a number that would mean something to you but nothing to someone who was trying to break your password.

You might end up with something like “gaRlic 15 sugAr Cars”.  While complicated, you can see that it should be pretty easy to remember.

That is especially true if you look at the password and see that the capital letters are “CAR” spelled backwards, and the number 15 might be a number that means something to you.

The above password is not grammatically correct, nor does it make any sense other than in your mind.  It also uses capital and lower case letters, spaces, and numbers.
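
The tips above can be turned into an automated check. The following is an added example, not part of the original post: it tests a password against the 12-character minimum, the four character types, the top-25 list, and obvious substitutions such as “H0use”. The SAMPLE_WORDS set and the SWAPS mapping are constructed assumptions standing in for a real dictionary file and a fuller substitution table.

```python
import re

# The 25 passwords listed above, as quoted on this page.
WORST_25 = {
    "123456", "password", "12345", "12345678", "qwerty", "1234567890", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"house", "apple", "garlic", "sugar", "summer", "welcome"}
# Obvious swaps such as zero for "o"; this mapping is an assumption of the example.
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})
CHAR_TYPES = {"lower-case letter": r"[a-z]", "capital letter": r"[A-Z]",
              "number": r"[0-9]", "symbol": r"[^A-Za-z0-9]"}


def variants(pw):
    """Equivalent forms of pw to compare with the lists: lower-cased, swaps
    undone, and with digits or symbols stuck on either end removed."""
    low = pw.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)
    return {low, trimmed, low.translate(SWAPS), trimmed.translate(SWAPS)}


def check_password(pw, words=SAMPLE_WORDS):
    """Return the tips from this page that pw fails; an empty list passes."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    for name, pattern in CHAR_TYPES.items():
        if not re.search(pattern, pw):
            problems.append("no " + name)
    forms = variants(pw)
    if forms & WORST_25:
        problems.append("on the worst-passwords list")
    if forms & set(words):
        problems.append("single dictionary word")
    return problems


if __name__ == "__main__":
    for sample in ["123456", "H0use", "Passw0rd2015!", "gaRlic 15 sugAr Cars"]:
        print(repr(sample), "->", check_password(sample) or "passes these checks")
```

Note that “Passw0rd2015!” meets the length and character-type tips yet is still flagged, because undoing the zero and dropping the trailing digits leaves an entry from the list.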


Remember, though, that it’s not all about password strength.  Using the same password across multiple sites would make all the sites vulnerable if one of them was hacked into and its passwords stolen.

