Okay, you need to have a unique password for every site, and it needs to be a GOOD password, and one that won't be found in a hacker's dictionary of words and phrases. That's a lot to think of, but it doesn't have to be hard.
To start with, let's look at a list of the top 500 passwords out there, which you can find at http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time (warning: not all passwords are family friendly).
Some of them are easy - qwerty (#8), zxcvbn (#207), qazwsx (#273) are simple keyboard patterns; 123456 is used when you need a minimum of 6 characters (it's also the most common password), if you need 8 characters, then 12345678 (#3) is a logical choice. Others are more interesting; ncc1701 (#139) is recognized by Star Trek fans, and the ubiquitous 'password' which is number 2 on the list. Other common ones are michael (#14), cowboys (#131), and phoenix (#115).
Guess what, the hackers already have this list, with almost all words in the English language, and any other language for that matter. Think you are being clever by using p455w0rd - nope. They have "leet speak" spellings as well in their list. If your password is in a password dictionary, it will be broken quickly in an attack.
To make matters even worse, if you use one of these passwords, AND if you (like most people on the Internet) use the SAME password on multiple sites, guess what? One crack, and you loose everything. This become even more important if you use things like Facebook Connect to login to other sites. If someone guesses that your Facebook password is your dog's name (and they might be able to guess that from all the pictures you posted of your precious pooch), they can then use that on other sites, like your email, your work place computer, your bank - you get the picture.
The best solution is to use a different, complex, password for every site you use. That is difficult for most people, so in my next post, I will provide a simple solution to this problem.
No comments:
Post a Comment