This Tuesday the password management company SplashData released its annual list of the worst passwords that people have used in the last year.
They looked at 3.3 million passwords that were leaked last year and came up with a list of the most commonly hacked passwords.
The Most Hacked Passwords
So here is the list of the top 25 most hacked passwords of last year:
Although they may seem logical, many of these would be pretty easy to guess. Many web sites also take the extra precaution of allowing only so many guesses before locking you out for a while.
My bank, for instance, will lock you out for three hours after 3 mistaken tries but doesn’t tell you this unless you talk to them on the phone.
More Tips On Passwords
Here are some tips for creating, and just as importantly remembering, the password that you create.
Has 12 Characters, Minimum: Security experts are now recommending that you choose a password that’s at least this long or even longer.
Include Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
Use Different Username and Password Combinations for Different Websites: One thing that I have found useful is to use varying degrees of difficulty depending upon the account I am trying to protect.
For instance, the password to my frequent shopper card at the local grocery is pretty simple. That account has no information that I am concerned about anyone seeing.
But the password that I use for my bank is long and complicated. I don’t want anyone to get into that account.
Use a Password Manager: A password manager both protects your passwords and generates new ones that are random, which makes them harder to guess.
I’m not sure that I agree with this suggestion though. A password manager needs to be stored somewhere on some device. If you lose that device it can be a problem.
You are also going to need a rock-solid password that you are going to need to remember to use the manager.
Not Exclusively a Dictionary Word or Combination of Dictionary Words: You should avoid obvious dictionary words or combinations of dictionary words. Using a combination of a few words, especially if they’re obvious, is also bad.
Any word on its own is especially bad. You’ll notice that almost half of the passwords in the list above are single words.
Doesn’t Rely on Obvious Substitutions: Don’t use common substitutions, either. For example, “H0use” isn’t strong just because you’ve replaced an o with a zero. That’s just obvious.
How To Create A Strong Password
One way to create a strong password is by creating a phrase. The space between each word is also a symbol, which will make it harder to crack.
The important thing is to avoid using phrases that are common or grammatically correct. Also try to avoid phrases, like street names, that someone might guess, especially if they are somehow connected to you.
So a phrase like “big red apples” wouldn’t be a good one. But a phrase like “garlic sugar cars” would be stronger. You could also capitalize the a’s and add a number that would mean something to you but nothing to someone who was trying to break your password.
You might end up with something like “gaRlic 15 sugAr Cars”. While complicated, you can see that it should be pretty easy to remember.
Especially if you look at the password and see that the capital letters are “CAR” spelled backwards and the number 15 might be a number that means something to you.
The above password is not grammatically correct, nor does it make any sense other than in your mind. It also uses capital and lower case letters, spaces, and numbers.
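The tips above can be written as a small checker. This is an added example, not code from the original post or from SplashData; the function name `check_password`, the word list and the substitution table are constructed for illustration.

```python
import string

# Constructed sample word list (assumption): a real check would load a full
# dictionary plus a list of leaked passwords.
SAMPLE_WORDS = {"house", "password", "monkey", "dragon", "apple", "letmein"}

# Obvious look-alike substitutions, undone before the dictionary lookup:
# 0->o 1->l 3->e 4->a 5->s 7->t 8->b @->a $->s !->i
SUBSTITUTIONS = str.maketrans("0134578@$!", "oleastbasi")

MIN_LENGTH = 12  # the minimum length given in the tips


def check_password(password):
    """Return the list of tips from the post that the password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")

    # A space counts as a symbol here, as it does in the passphrase advice.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "capital letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append("no " + name)

    lowered = password.lower()
    # Drop digits and symbols padded onto the ends: "house123!" -> "house".
    core = lowered.strip(string.digits + string.punctuation + " ")
    plain = {lowered, core}
    desubbed = {w.translate(SUBSTITUTIONS) for w in plain}
    if plain & SAMPLE_WORDS:
        problems.append("dictionary word")
    elif desubbed & SAMPLE_WORDS:
        problems.append("dictionary word with obvious substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ["H0use", "house123!", "gaRlic 15 sugAr Cars"]:
        print(repr(candidate), check_password(candidate) or "passes these checks")
```

An empty result only means the password passes these particular checks; it says nothing about whether the same password is reused on another site.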
Remember, though, that it’s not all about password strength. Using the same password across multiple sites would make all the sites vulnerable if one of them was hacked into and its passwords stolen.