Friday, July 31, 2009

How to avoid the “500 worst passwords of all time”

By John Dodge | Jul 29, 2009 on SmartPlanet.com at http://www.smartplanet.com

We all have lots of Internet passwords and about half of them are not difficult to guess.  Just take a look at the "500 worst passwords of all time."

A strong password should be two things: easily recalled by its owner and difficult to guess by someone who doesn't know it.  So even non-hackers can guess a few on the worst list.

"123456″ is number one followed by you guess it, "password."   Some on the list are intriguing.  Number 496 is a "mistress" although I don't if the owners lean toward kept women or men who wished they had one.  Many are profane with a hint of anger and impulsiveness suggesting people don't want to bother with passwords.  Some are plays on words like "letmein."  Number 486 is a seemingly cryptic letter string "abgrtyu" and still made the list.

The list comes from the book "Perfect Password: Selecttion, Protection, Authentication" published in 2005.  While the list would appear outdated, it still gets considerable attention because it's unique.

One out of nine passwords used is on the list and about 50% of passwords are passwords are "based on names of a family member, spouse, partner, or a pet," according to the book's teaser on Amazon.  Just ask Sarah Palin whose email was hacked last September by someone who reset her password using her zipcode, birthdate and where she met her spouse.  When asked where she went to high school, the hacker entered  "Wasilla High" and was right. Such is the price of celebrity and people knowing a lot about you.

Passwords are a challenge.  Like you, I often want quick access to a site and view the password as an obstacle deserving little attention.  However, I can proudly say no password I have ever used is on the worst list.

In a recent discussion with fellow bloggers, one said he keeps passwords only in his head. He never writes them down ANYWHERE.  I have far to many for that and lack the photographic mind he must have.  He also avoid passwords hints such as boyhood dog or mother's maiden name given what happened to Palin.

Another swears by password manager Roboform which can be downloaded for $35. I may try this given good reviews and because I don't feel secure with my current password strategy if you can call it that.  I am constantly looking them up and must have about 30 of them.  I also have used meebo with some success as a single logon/password to multiple instant messaging accounts.  I tried a something called a secure login called vidoop, but it was too good: it didn't let me into anything.

There's plenty of advice on how to create a good password such as Microsoft's six-step to creating "a strong, memorable password.  Some of the advice is is obvious, but worth repeating.

– Use a mix of symbols, characters and numbers.  Use spaces if allowed.
– If you can't use symbols, double the number of characters.
– Think of a memorable sentence and take the first letter of each word and combine into a password.
– Use a password checker to test its strength.

No comments:

Post a Comment

Please, avoid posting advertisements. Content comments are welcomed, including anonymous. Posts with profanity will not be published.