Web sites and bank accounts are getting hacked every day by the thousands due to the use of weak passwords. What is amazing is the number of people who do not use secure passwords.
The rules for setting a secure password are simple to remember. You need to use a mix of at least 8 upper and lower alphabetic characters, at least one number and at least one special symbol. Special symbols are the non-numeric and non-alphabetic characters found on your computer keyboard.
A password should never spell out a common word found in the dictionary, your kids' names, the name of your favorite pet, or anything that you enjoy that could be easy for other people to figure out.
The list shown below contains the top 50 passwords used on the web. I don’t know the source of this data because I found it on a forum, but every one of the passwords on the list is a bad choice. According to the notation, it looks like the list was compiled by an online media company.
None of the passwords used will surprise anyone who works with web sites. Those of us who work with web sites see people commonly using extremely weak passwords like these with their hosting company logins, their domain registrar accounts, and probably also with their bank accounts and online merchant accounts. It is therefore no surprise at all that so many accounts get hacked.
Why is the use of common names a bad idea?
It is a bad idea to use any words found in the dictionary or the names of kids, pets, etc., because hackers commonly use automated scripts that utilize these types of words to repeatedly attempt to break into an account until they finally get in.
For many web users, a password needs to be memorable. When that is the case, try intentionally misspelling words, use number or character substitution, or use acronyms that stand for something that only you will remember. For example, the password M2d@HhFaTi could mean “my two dogs at home have fleas and they itch.” Note the alternation of upper and lower case alphabetic characters and the substitution of the number 2 and the ‘@’ symbol. This password is very secure because it is unintelligible unless you know the key, which is the sentence that the password represents.
Another rule is to never use the same password for multiple accounts. Why? Because a lot of hackers may be people that you know. It could be a friend trying to break into your account as a joke, or someone you work with who has malicious intent. These are the people who generally know what is important to you and can guess the type of weak password you may use. The hacker could be someone looking over your shoulder when you enter a password. Simple passwords, such as 12121212, are easy to recognize, while M2d@HhFaTi is hard to recognize and harder to remember–unless they know the sentence that is the key.
One final point is that password length adds strength. The more characters that an unintelligible password uses, the harder it will be to crack. Never use a password that is less than eight characters.
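The rules above can be written as a checker that a signup form could run before accepting a password. This is an added example, not part of the original post; the `COMMON_WORDS` sample list and the `personal_terms` parameter are constructed for illustration, and "special symbol" is assumed to mean ASCII punctuation.

```python
import string

# Constructed sample list; a real deployment would load a full wordlist.
COMMON_WORDS = {"password", "dragon", "monkey", "letmein", "sunshine"}


def check_password(password, personal_terms=()):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special symbol")

    # Compare letters only, lower-cased: "Password1!" still spells "password".
    letters = "".join(c for c in password if c.isalpha()).lower()
    if letters in COMMON_WORDS:
        problems.append("spells a common word")

    # Names of kids, pets, hobbies: reject them anywhere in the password.
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append("contains personal term: " + term.lower())
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, including the two passwords from the text.
    samples = [("M2d@HhFaTi", ()), ("12121212", ()),
               ("Password1!", ()), ("Rex2024!!", ("Rex",))]
    for pw, terms in samples:
        result = check_password(pw, terms)
        print(pw, "->", "OK" if not result else "; ".join(result))
```

Passing these checks does not cover the reuse rule: whether a password is already used on another account can only be enforced by the user or a password manager.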