Security Education Part 2: Safe Passwords

Passwords are the combinations of letters, digits and symbols that guard access to your data. A recent Forbes article covered the worst passwords in use, a list presumably compiled from an actual set of 32 million passwords stolen from a hacked website. Of those stolen passwords, the top 5000 were shared by 20% of the accounts.

Studying the common passwords reveals patterns that any attacker can exploit when guessing. If you or those around you are using any of these worst passwords, change them immediately to something more secure.

Sample worst passwords, grouped by the common patterns that make them the “worst”:

1) Straight numbers, often created by sliding your hand along adjacent number keys

  • 12345678 or similar
  • 987654321 or similar
  • 111111, 123123 or similar pattern

2) Straight keyboard letters, created by sliding your hand across adjacent letter keys

  • qwerty
  • asdfgh
  • zxcvbnm
  • qazxsw

3) Words from the dictionary or common names

  • dragon
  • monkey
  • baseball
  • cricket
  • master
  • sunshine
  • princess
  • Michael or similar
  • password
  • superman

4) Common phrases or combinations

  • trustno1
  • iloveyou
  • rockyou
  • letmein
  • abc123
  • babygirl
  • lovely
  • admin
  • tom1990

Good Password rules:

  1. Passwords should be at least 8 characters long and mix capital and lower-case letters
  2. Turn a phrase into a word – “Mary had a little lamb” becomes “mhaLITTLEl”
  3. Substitute 1, @, !, 3, 4, 5, $, 0 for alpha characters –  “hellodolly” becomes “h3!!0d011y”

Ideally, you’d combine the rules above, use a different password for every site, and include extra numbers or &, #, ! characters. As an example, “Mary had a little lamb” becomes “[email protected]!TT1E1!”
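To turn the weak-pattern list and the password rules above into something a site or help desk can actually run, here is an added example checker (not code from the original article). It flags the four “worst password” pattern classes described above and then applies rule 1 (length and mixed case); the word list is a constructed sample built from the article’s own examples, and the keyboard-slide sequences and the “name plus year” check (for passwords like tom1990) are assumptions of this example.

```python
import re
from typing import Optional

# Constructed sample word list taken from the article's "worst password" examples;
# a real deployment would load a full breached-password list instead.
COMMON_WORDS = {
    "password", "dragon", "monkey", "baseball", "cricket", "master", "sunshine",
    "princess", "michael", "superman", "trustno1", "iloveyou", "rockyou",
    "letmein", "abc123", "babygirl", "lovely", "admin",
}
# (sequence, minimum run length): the number row, the three letter rows and one
# string walking the columns (q-a-z, w-s-x, ...) so "qazxsw" counts as a slide.
SLIDES = [("1234567890", 4), ("qwertyuiop", 4), ("asdfghjkl", 4),
          ("zxcvbnm", 4), ("qazwsxedcrfvtgbyhnujm", 3)]

def has_slide(s: str) -> bool:
    """True if s contains a forward or backward run along any SLIDES sequence."""
    for seq, n in SLIDES:
        for i in range(len(s) - n + 1):
            w = s[i:i + n]
            if w in seq or w in seq[::-1]:
                return True
    return False

def weak_pattern(password: str) -> Optional[str]:
    """Name the first 'worst password' pattern that matches, or None if none does."""
    p = password.lower()
    if p.isdigit():
        # 12345678, 987654321, 111111, 123123 and similar
        if len(set(p)) == 1 or has_slide(p) or re.fullmatch(r"(\d{2,4})\1+", p):
            return "straight numbers"
    if p.isalpha() and has_slide(p):
        return "straight keyboard letters"
    if p in COMMON_WORDS:
        return "dictionary word or common phrase"
    if re.fullmatch(r"[a-z]+(19|20)\d\d", p):  # tom1990 / Mark1992 style
        return "name plus year"
    return None

def check_password(password: str) -> list:
    """Return the list of problems; an empty list means the password passes."""
    problems = []
    pattern = weak_pattern(password)
    if pattern:
        problems.append(f"matches weak pattern: {pattern}")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)):
        problems.append("needs both capital and lower-case letters")
    return problems
```

Running check_password on the article’s own examples shows the point: “qwerty” fails on three counts, “Mark1992” is caught as name plus year, and the phrase-derived “mhaLITTLEl” passes.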

Problem with banks:

Some account websites, such as the Road and Traffic Authority (RTA) and most banks, only allow alphanumeric characters (A to Z and 0 to 9). In other words, they do not support characters such as !, & and $. The suggestion there is to rely on number substitution, capital letters and phrases: 5 substitutes for S, 4 for A, 1 for I, 3 for E and 7 for L. “Mary had a little lamb” is now Mh27ITT737.

Other Good Passwords and Memory

If you cannot think of a phrase or find it too difficult, another technique to create a strong password is to interleave words and numbers. For example, the password Mark1992 is a weak password, although easy to remember.  To create a strong password from this weak one, you can interleave the numbers and letters to become M1a9r9k2.

If remembering passwords is a problem, there are password managers (“password banks”) such as SplashID that store all your passwords in a safe place. The idea is to log into the site, then cut and paste or apply the stored password. See the secure password manager called SplashID at for an example of this.

Further reading: Security Education Part 1: Phishing scams

Call us today to keep your business out of harm’s way.

References

  1. Forbes – 25 Worst passwords of 2011 Revealed, by David Coursey, Nov 23, 2011
  2. Imperva’s white paper, Consumer Password Worst Practices.