Simple passwords = disaster
The top five end-user passwords from 2012 were:
- password (yes, the actual word itself)
- 123456
- 12345678
- abc123
- qwerty (top-left keys on your keyboard below the numbers)
The top three in this list, “password”, 123456”, and “12345678”, were also the top three passwords in 2011. Basic analysis: Most people prefer simple passwords that are easy to remember and replicate.
However, by simplifying passwords, we are making it easy for others to access our online accounts. As Mike Morel, Bryley Engineer, pointed out: “I just HATE [sic] the fact that passwords need to be more complex and abstract because it is counter-intuitive to (the average) human thought process. We would all just want to have 1 password for everything… Something easy to remember. New techniques, faster computing power, and sheer determination on the part of the bad guys makes that nearly impossible going forward.”
According to Wikipedia: “The strength of a password is a function of its length, complexity, and predictability. Using strong passwords lowers the overall risk of a security breach.”
Since they are unpredictable, the strongest passwords are randomly generated and long; these prove to be the most-difficult to crack since they do not relate to anything. However, they are also the most difficult to remember and can be virtually impossible to get end-users to adopt.
When creating a non-random password:
- Add length to the password itself; eight characters are considered a minimum, but passwords of greater length can be tougher to crack.
- Use both upper and lower-case alphabetic characters.
- Add special characters (! @ # $ % ^ & * + =) and numbers (1 2 3 4, etc.).
- Use the upper-case characters, numbers, and special characters within the body of the password rather than at the beginning or end of the password.
- Do not use anything of a personal nature such as birthdays or names or relations and pets.
See http://news.cnet.com/8301-1009_3-57538774-83/jesus-welcome-join-list-of-worst-passwords/ for an informative article from Steven Musil of CNET News. Visit http://thehackernews.com/2013/01/the-use-of-passwords-in-technological.html for the hacker’s perspective. (Editor’s note: Bryley Systems does not endorse the views nor the content of www.thehackernews.com; we find this site to be counter to the interests of our readers and clients and we urge caution when visiting.)