In a world where we measure things (like speaker volume) from 0 to 10, it’s time to crank your password strength up to 11. Take whatever you think a strong password might be and make it stronger.
Unfortunately, too many people still have their password strength firmly planted at zero.
- An annual report of most popular passwords remains disheartening.
- Length trumps everything.
- Long passwords don’t have to be hard.
- Password managers make long, strong passwords easy to deal with.
- Take the time to replace your weak passwords.
And the most popular password is….
SplashData recently released its report of the 100 most common passwords. Analyzing over five million hacked and leaked databases of passwords, they tallied up the most popularly used passwords, and the result is … depressing.
The top five include:
The rest of the list is more diverse but just as obvious, including passwords like “iloveyou”, “qwerty”, “charlie”, “donald”, and many more horrific choices.
Not only are they simple, easy to guess, and clearly on the list of the very first passwords hackers try, but they also suffer from the greatest sin of all, in my opinion.
When it comes to passwords, length trumps everything. For example, let’s take that #1 offender above:
A six-character password. Ugh. But adding a simple pattern to turn it into a 20-character password makes it a pretty reasonable choice:
****** 123456 ******
All I did was add six asterisks before and after, separated by a space. And yes, as simple as that pattern appears to be, it’s a strong password. Much stronger than 123456, and just as easy to remember. (Caveat: it’s a weaker password in that it’s been published here as an example. Don’t use this exact password; use it as an example of a simple technique to lengthen otherwise poor passwords.)
Again, length trumps everything.
Long doesn’t mean hard
I’ll admit that throwing asterisks before and after a password doesn’t feel secure, even though it is. It just doesn’t feel like we did enough work.
I recently set up an account for a friend and did exactly that. When it came time to generate a password, I looked around my desk, picked three random items I saw, combined them with a fourth item this friend and I had in common, and — poof — a password that was long, strong, and easy to remember.
To repeat my exercise, here’s another:
That’s a 26-character password. If you need special characters, add spaces, or an exclamation point in what for you might be a “standard” location, like at the end or after the first word.
Password managers make it even easier
As easy as that password is to create, and as memorable as it may be, if you have a lot of different passwords (and who doesn’t), it can still be difficult to keep ’em all straight. Enter the password manager, which remembers them for you. That way, you need remember only one password — presumably also of the long and memorable variety — and the password manager does the rest.
Because I use a password manager (LastPass), I don’t bother combining words for the majority of my passwords. I go all-in and let the secure password generator do the trick. For example, most of my passwords look like this:
That’s 20 characters of completely random alpha-numeric data. If I need a special character, I’ll throw one in somewhere, making it a 21-character password.
I couldn’t tell you most of my passwords. Not from memory, anyway.
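An added example (not from the original article) that puts rough numbers on the two techniques above: padding a short password out to 20 characters, and letting a generator produce 20 random alphanumeric characters. The function names and the five-entry list are assumptions made for the illustration, and the bit counts are brute-force upper bounds only.

```python
import math
import secrets
import string

# The five passwords the article quotes from the most-common list (a tiny,
# constructed stand-in for a real breached-password list).
COMMON = {"123456", "iloveyou", "qwerty", "charlie", "donald"}

# Character classes a blind brute-force search would have to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")


def brute_force_bits(password):
    """Upper bound on guessing work, in bits: length * log2(alphabet size).

    Assumes the attacker searches blindly. A pattern the attacker already
    knows (for instance a published example) is worth far less than this.
    """
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def assess(password):
    """Return (on_common_list, bits). A listed password is tried first by any
    dictionary attack, so its effective strength is reported as 0 bits."""
    if password.lower() in COMMON:
        return True, 0.0
    return False, brute_force_bits(password)


def generate(length=20, alphabet=string.ascii_letters + string.digits):
    """Random password from the OS CSPRNG, like a password manager's generator."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Print length and estimate only, never the generated password itself.
    for pw in ("123456", "****** 123456 ******", generate()):
        listed, bits = assess(pw)
        print(f"{len(pw):>2} chars  listed={listed!s:<5}  ~{bits:5.1f} bits")
```

Each extra character multiplies the search space by the alphabet size, which is why the padded 20-character string scores far above the six-digit one even though the digits in the middle are unchanged.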
Just do it
I talk about passwords and password strength a lot because, like it or not, passwords are here to stay. They’ll continue to be an important part of your online and account security for the foreseeable future. Even adding two-factor authentication — as you should, if it’s offered — you’re still relying on the strength of your password as your first line of defense.
Review your passwords and replace short ones with something longer and more secure.
And if you’re using anything on this list, don’t delay a moment longer. Go change that password now.