In October, Dutch researcher Victor Gevers claimed he managed to correctly guess the password for the Twitter account of outgoing US President Donald Trump. He says he did this in just five guesses, and considering the password was reportedly “maga2020!”, this isn’t very surprising.
Trump’s weak choice of password highlights a common misconception – that passwords containing numbers and special characters are strong. In truth, his password is obvious in that it contains a well-known acronym for his campaigning slogan, the current year and what seems to be his favourite punctuation mark.
The popular advice to substitute letters with numbers and special characters in passwords is often credited to security guru Bill Burr in 2003, but even he now admits he regrets it, as it has led people to choose overused combinations like “pa55w0rd” and “abc123” and believe them to be secure because they use a mixture of characters.
Experts now suggest that password length is more important than complexity, with each additional character making the password exponentially more difficult to crack. Even three unconnected but everyday words like “bridge tomato notebook” make for an easy-to-remember yet hard-to-guess password, and this is the method used by the geocode system what3words to locate any area in the world to within three metres.
Many sites won’t allow such passwords, however, saying they’re not secure enough because they don’t contain capital letters and numbers, while at the same time allowing much more guessable passwords like “Qwerty123”.
A recent Cybernews.com article analysed over 15 billion passwords to identify some of the most common choices. The first alarming point is that only 2.2 billion were unique, equating to under 15%. Further analysis reveals that internet users are also choosing obvious memorable details in their passwords that an informed hacker or password-cracking tool may be able to work out.
Years
The two most common years used in passwords are 1987 and 2010. The explanation behind these two far-apart years is that people born in the 1980s are of an age that is most active on the web, and that 2010 coincides with password resets and a memorable year.
Perhaps it’s better to avoid years altogether in passwords. If numerals are needed, a single memorable number may actually make your password more difficult to guess.
Sports teams
Bad news for many of our local internet users – if you’re using “liverpool” in your password, you have something in common with 631,076 of the passwords studied. The term “reds” is even worse, totalling 686,716.
Remember that your favourite football team is something many people will already know about you, and if they don’t, a quick look at your social media profile might well give it away. If you must include a sports team, make it more cryptic.
People’s names
The top five most common personal names to appear in passwords are “eva”, “alex”, “anna”, “max” and “eva”. What these have in common is they are all short and are popular baby names of recent years.
Including the name of your children or partner in your password is about as obvious as it gets, so avoid it, even if it’s not one of the more common names.
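To make the contrast between composition rules and length-based rules concrete, here is an added Python example (not from the Cybernews analysis or any site's real policy) that runs the passwords quoted in this article through both. The blocklist is constructed from the article's own examples, and the 12-character threshold and function names are assumptions chosen for illustration.

```python
import re

# Constructed blocklist built only from the examples quoted in this article;
# a production check would use a large breached-password list instead.
COMMON_TOKENS = ["password", "qwerty", "liverpool", "maga", "reds",
                 "alex", "anna", "abc", "eva", "max"]
# Undo the usual letter-for-symbol swaps ("pa55w0rd" -> "password").
LEET = str.maketrans("4@31!05$7", "aaeiiosst")
MIN_RESIDUE = 12  # assumed threshold for this example


def composition_policy(pw):
    """Legacy rule: 8+ characters with upper case, lower case and a digit."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw))


def unguessable_residue(pw):
    """Return what is left once the predictable parts are stripped out."""
    s = pw.lower()
    s = re.sub(r"(19|20)\d{2}", "", s)   # years such as 1987, 2010, 2020
    s = re.sub(r"[^a-z]+$", "", s)       # trailing digits/punctuation ("123", "!")
    s = s.translate(LEET)
    for token in COMMON_TOKENS:          # crude substring match; may over-reject
        s = s.replace(token, "")
    return s


def length_policy(pw):
    """Accept only if enough unpredictable material remains."""
    return len(unguessable_residue(pw)) >= MIN_RESIDUE


def compare(passwords):
    """Map each password to (composition verdict, length verdict)."""
    return {pw: (composition_policy(pw), length_policy(pw)) for pw in passwords}


if __name__ == "__main__":
    samples = ["Qwerty123", "maga2020!", "pa55w0rd", "abc123",
               "bridge tomato notebook"]
    for pw, (old, new) in compare(samples).items():
        print(f"{pw!r:28} composition={old!s:5} length+blocklist={new}")
```

The composition rule accepts only “Qwerty123” from the sample list, while the length-plus-blocklist rule accepts only the three-word passphrase.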
Struggling with passwords?
Many sites will now generate a strong password for you, or there are sites like PasswordGenerator.net that can do it. The problem is, how do you remember a password like “q/.WhBPvLws{PL4z”, which is what that site has just offered me?
Password manager tools like LastPass can come to your aid, not only generating passwords but also operating as a browser extension that can store and enter your passwords at the click of a button.
There may come a day when we laugh at the idea of our most valuable and sensitive data being protected by something as flimsy as a password. Until then, the responsibility is on us to choose strong, unique passwords and protect them responsibly – something we always do at Engage Web.