From your email account to your iPhone, it seems that everything requires a password nowadays. With the dozens (or hundreds!) of passwords that everyone is supposed to remember, it’s only natural that many people will take the lazy way out and pick an easy to remember password like, well password!

It turns out that “password” was indeed the most commonly used password on the internet according to a report compiled by SplashData and posted by PC World. The company created the list by examining password dumps posted online by crackers, some from very notable attacks.

password

123456

12345678

qwerty

abc123

monkey

1234567

letmein

trustno1

dragon

baseball

111111

iloveyou

master

sunshine

ashley

bailey

passw0rd

shadow

123123

654321

superman

qazwsx

michael

football

So what makes a secure password? Well, it should be a minimum of eight characters and should contain a mixture of upper and lower case letters, numbers, and symbols. The more characters, the harder it will be to break. You should also avoid using the same password on more than one site, although you can probably reuse passwords for websites that contain no personal information and that you don’t care about being compromised. Another tip is instead of using words, pick a phrase or song lyric and base your password on that. If you’re a Dream Theater fan, for example, maybe you could use “pmu!IamNOTa” for “Pull me under, I am not afraid.”

Another security concern to take into consideration is the fact that some installations of Windows store your password insecurely. This is because older versions of Windows use what is called a LAN Manager Hash, or LMHash for short, and this is an easy hash to break. You could have an ultra-secure 14-character password, but if Windows is not configured to ignore the LMHash it will be stored as two individual seven-character passwords in the system, making a break-in extremely easy. If you’re really paranoid, create a 15-character password because that will always avoid the LMHash vulnerability.

So how do you keep all of these passwords safe? While some may recommend an online password manager, by doing so you’re trusting that nobody on the Internet will be able to intercept your keys. Instead, rely on a desktop solution like TrueCrypt or Password Safe for your security needs.

It’s interesting to note that even a password that appears secure on the surface, such as “qazwsx” is not safe because cracking tools use keyboard patterns in their dictionary as well.

Image Courtesy of Twitip.com

via The worst online passwords: Did you make the list?

Leave a Reply