In our industry, clients often share passwords for domains and servers with us, and it’s shocking how bad they can be. I would say that 50% of the time the password is closely related to the business name or branding, with a couple of extra characters tacked on the end. This is crazy when there are so many good ways to manage passwords these days, such as:
- Using your browser. Chrome, for example, has excellent password management features that sync across your devices when you are logged in.
- 1Password, which is great for sharing passwords within an organisation.
Make your passwords:
- Long. Most likely it will be an automated script trying to guess your password, so the longer it is, the more combinations the script has to try. Modern GPU systems can reach a cracking rate of around 7 billion attempts per second. At that rate an 8 character alpha-numeric password can be broken in 30 seconds, whereas a 13 character password would take more than 900,000 years. Luckily, an attacker normally can’t get hold of your password hash, which is what a computer needs in order to run through guesses at that speed. Frustratingly, many systems limit the length of passwords, so going long is not always possible.
- Random. Don’t be tempted to relate it to your name or business. If the password is long, it’s safe to choose random words and characters that you can remember easily.
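As an added worked example (mine, not from the original post or from any tool it mentions), here is a small Python calculator that turns the 7 billion guesses per second figure above into keyspace sizes, strength in bits and worst-case search times for different alphabets and lengths. It generalises the two figures in the text to any alphabet and length; the alphabet sizes in `ALPHABETS` and the `SECONDS_PER_YEAR` constant are assumptions made for this example.

```python
import math

# Guess rate quoted in the post for a modern GPU cracking rig (attempts per second).
GUESSES_PER_SECOND = 7_000_000_000
SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# Alphabet sizes used for the estimates below (chosen for this example).
ALPHABETS = {
    "digits only": 10,
    "lowercase letters": 26,
    "lowercase + digits": 36,
    "mixed case + digits": 62,
    "mixed case + digits + symbols": 95,  # printable ASCII
}


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` characters over the alphabet."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size: int, length: int,
                       rate: int = GUESSES_PER_SECOND) -> float:
    """Time to try every combination (on average the hit comes at half this)."""
    return keyspace(alphabet_size, length) / rate


def worst_case_years(alphabet_size: int, length: int,
                     rate: int = GUESSES_PER_SECOND) -> float:
    """Same as worst_case_seconds, expressed in years."""
    return worst_case_seconds(alphabet_size, length, rate) / SECONDS_PER_YEAR


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Strength in bits: every extra character adds log2(alphabet_size) bits."""
    return length * math.log2(alphabet_size)


def chars_needed_for_bits(alphabet_size: int, bits: float) -> int:
    """Shortest length over this alphabet that reaches at least `bits` of strength."""
    return math.ceil(bits / math.log2(alphabet_size))


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.3f} seconds"


if __name__ == "__main__":
    print(f"{'alphabet':32} {'len':>3} {'bits':>6}  time to try every combination")
    for name, size in ALPHABETS.items():
        for length in (8, 10, 13, 16):
            print(f"{name:32} {length:>3} {entropy_bits(size, length):6.1f}  "
                  f"{human(worst_case_seconds(size, length))}")
```

Running it prints a table; the 62-symbol row for 13 characters comes out at roughly 900,000 years, matching the figure above, and comparing the 36-symbol 13 character row with the 95-symbol 8 character row shows that five extra characters buy far more than a bigger character set does.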
I recently read about a study of a large set of leaked passwords. It analysed the password choices of 10 million people, from everyday users to the rich and powerful. Some interesting names were on the list, including the global director of Nike, whose password was cracked in 0.02 seconds, an editor at the New York Times (0.9 seconds) and a senior manager at IBM (0.0 seconds)! The majority were cracked in under 22 seconds. The list was full of high-profile people making the same mistakes we all do.
If you use an email provider like Gmail you don’t need to worry too much about your password being cracked by hacking software: these providers are set up to detect and block illegitimate login attempts almost immediately. The same goes for your online banking. But websites like yours don’t have the same level of protection, so we need to know how to keep the hackers out.
It seems we humans are a predictable bunch, so it doesn’t take long for dedicated hacking software to crack our passwords. Most people think of obvious words and numbers and combine them in simple ways. Swapping characters, for example changing THRIVE to 7HR1V3, makes only a little difference to how hard it is to guess; the length of the password is far more significant. As it turns out, the biggest mistake you can make is choosing a password that is too short. The longer a password is, the stronger it is. Most passwords are approximately 8 characters long, so make sure yours is longer than that.
One tool we like to use for creating a secure password is a password generator, such as the one at www.lastpass.com. It uses simple words, even with spaces, but because of the extra length this can make your password literally millions of times harder to guess. The good thing about this approach is that the words make it much easier to remember.
So now that you know what to do, here’s the list of what not to do.
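Added example (mine, not the post’s and not how the lastpass.com generator is built): a tiny passphrase generator in Python that picks words with the operating system’s random source and reports the resulting strength in bits, so you can see why the strength of a word-based password depends on the number of words and the size of the word list rather than on the number of letters. The 32-word list is constructed for the example; a real generator draws from a list of thousands of words, and the 7776 figure is the size of the standard Diceware list.

```python
import math
import secrets

# Constructed 32-word list for this example. Entropy per word is log2(list size),
# so 32 words give only 5 bits per word, while a 7776-word list gives about 12.9.
WORDS = [
    "apple", "river", "candle", "forest", "marble", "pepper", "violet", "window",
    "copper", "saddle", "lantern", "meadow", "ribbon", "silver", "thunder", "walnut",
    "anchor", "basket", "cactus", "dolphin", "ember", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lemon", "mirror", "noodle", "orbit", "puzzle",
]
DICEWARE_LIST_SIZE = 7776  # size of the standard Diceware word list


def generate_passphrase(n_words: int, wordlist=WORDS, sep: str = " ") -> str:
    """Pick words uniformly at random using the OS CSPRNG (not random.choice)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Strength of a randomly generated passphrase: words x log2(list size).

    Only valid when the generator chose the words; words a person picks
    by hand are far more predictable than this figure suggests.
    """
    return n_words * math.log2(wordlist_size)


def char_entropy_bits(length: int, alphabet_size: int) -> float:
    """Strength of a truly random character string of the given length."""
    return length * math.log2(alphabet_size)


def words_needed(target_bits: float, wordlist_size: int) -> int:
    """Smallest number of words from the list that reaches the target strength."""
    return math.ceil(target_bits / math.log2(wordlist_size))


if __name__ == "__main__":
    print("sample passphrase:", generate_passphrase(4))
    print("bits from 4 words of this 32-word list:",
          round(passphrase_entropy_bits(4, len(WORDS)), 1))
    print("bits from 4 words of a 7776-word list:",
          round(passphrase_entropy_bits(4, DICEWARE_LIST_SIZE), 1))
    print("bits of a random 8-char mixed-case alphanumeric string:",
          round(char_entropy_bits(8, 62), 1))
    print("words from a 7776-word list needed to reach 80 bits:",
          words_needed(80, DICEWARE_LIST_SIZE))
```

The point the numbers make: four words from a 7776-word list (about 52 bits) already beat a random 8 character mixed-case alphanumeric password (about 48 bits), and the passphrase is something you can actually remember. The bit count only holds when the words are chosen by the generator; the same four words picked by hand because they mean something to you are worth far less.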
The 50 most used passwords
- 123456
- password
- 12345678
- qwerty
- 123456789
- 12345
- 1234
- 111111
- 1234567
- dragon
- 123123
- baseball
- abc123
- football
- monkey
- letmein
- shadow
- master
- 696969
- michael
- mustang
- 666666
- qwertyuiop
- 123321
- 1234…890
- p*s*y
- superman
- 270
- 654321
- 1qaz2wsx
- 7777777
- f*cky*u
- qazwsx
- Jordan
- Jennifer
- 123qwe
- 121212
- killer
- trustno1
- hunter
- harley
- zxcvbnm
- asdfgh
- buster
- andrew
- batman
- soccer
- tigger
- charlie
- robert
Read the article in detail at wpengine.com