Thursday, January 31, 2013

90% of User Created Passwords at Risk of being Hacked

Passwords can be tricky and we try to make it easy because there are just too many to remember. But what are the risks of having an easy to remember password?

You may have gotten an e-mail from someone that looked suspicious or crazy, and they said they didn't send it because their e-mail got hacked. The solution is to change the password.

There is a downside to having an easy to remember password and the downside can be troublesome. Here are the top 25 most common passwords of 2012. And get this...the #1 is a repeat from 2011. If any of your passwords are on this list, you are most certainly in the 90% and at risk.

SplashData reports these top 25 most commonly used passwords.
1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
Source: SplashData

Business Insider Reports by Mark Warman, The Telegraph, January 15, 2013.

Global consulting firm Deloitte released a report recently with an alarming prediction: More than 90 percent of user-generated passwords will be vulnerable to hacking. The report, prepared by Deloitte’s Canadian Technology, Media & Telecommunications arm, said even those passwords traditionally considered strong — with eight characters and a combination of numbers, letters and symbols — are at risk.

We need to be able to remember our passwords, right? Passwords are frequently the only thing protecting our valued information from prying eyes.

Here are 10 Rules for creating a hacker-resistant password. In summary, we should:

  • Avoid using dictionary words.
  • Do not use personal information in your password.
  • Use special characters, upper and lower case and numbers in your passwords.
  • Longer passwords are better than shorter ones.
  • Use different passwords for different types of accounts: financial institutions, social media, e-mail, web-sites, purchasing accounts on web-sites and software applications.
  • Write passwords down or use a password manager to remember them.

But the fact still remains that we seniors or computer novices need to be able to remember our passwords first and foremost.

Here is a website password generator that helps you create short or very long and very strong passwords.
Let me show you a few simple schemes to change your current, easy to remember password to a strong one but still easy to remember.

Exchange a letter for a number. Example:
l or I = 1, e = 3, h = 4, b = 6, t = 7, p = 9, o = 0

Use special characters in a way that is easy to remember. Special characters are @, #, $, %, &, *, +, -. Like the above, replace a letter or a number with a special character. Example: a = @, s = $, 8 = &.

Following these schemes, let's see how a simple word can evolve to a strong password but still easy enough to remember.





See how we've used a combination of upper and lower case, numbers and special characters, yet the result is still pretty easy to remember.
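A check worth running on any password built with the substitutions above, as an added example that is not part of the original article: it undoes the article's letter-for-number and special-character swaps and reports whether the result is still one of the 25 common passwords listed earlier. The function names and the `max_extra` padding allowance are assumptions of this example, and the sample passwords are constructed.

```python
# Added example: checks whether a password is a common one in disguise.
# COMMON_2012 is the SplashData list quoted in the article, in rank order.
COMMON_2012 = (
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
)

# The article's swaps: plain character -> the substitute typed in its place.
SWAPS = {"l": "1", "i": "1", "e": "3", "h": "4", "b": "6", "t": "7",
         "p": "9", "o": "0", "a": "@", "s": "$", "8": "&"}


def could_derive(plain, seen):
    """True if `seen` is `plain` in either case or the article's swap for it."""
    return seen.lower() == plain or SWAPS.get(plain) == seen


def disguised_match(candidate, max_extra=2):
    """Return the longest listed password that `candidate` reduces to, or None.

    max_extra (an assumption of this example) is how many added characters
    before or after the word are ignored, such as a trailing "!".
    """
    best = None
    for word in COMMON_2012:
        extra = len(candidate) - len(word)
        if not 0 <= extra <= max_extra:
            continue
        for start in range(extra + 1):
            window = candidate[start:start + len(word)]
            if all(could_derive(p, s) for p, s in zip(word, window)):
                if best is None or len(word) > len(best):
                    best = word
    return best


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the article.
    for pw in ("P@$$w0rd", "7rus7n01", "Dr@g0n!", "M@1n_S7r33t_Gym"):
        hit = disguised_match(pw)
        print(pw, "->", f"reduces to '{hit}'" if hit else "not on the list")
```

A `None` result only means the password is not a disguised form of one of these 25 entries; it says nothing else about its strength.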

Good passwords can be a combination of words. However, dictionary words should be avoided as they are easier to crack. Try putting underscores between words or using some of the schemes above. Here is another view of how a phrase can evolve to become a very strong password.

main street gym




When one passes away, there are many online accounts heirs will need to get into. Make sure your passwords can be obtained by them. Keep a list somewhere or instructions to your password manager.

Speaking of password managers: a password manager is a good tool to use to remember your user names and passwords. Sure, you could use a Word or Excel document, but those are not very strong. I've been using the same password manager for over 10 years, although it has evolved. It is eWallet Go by iLium Software. You enter your own password or let eWallet Go create a strong one. eWallet Go is $4.95 and available for all devices. I have it on my iPad, Android smart phone and Windows PC. There are many that are free and some that are quite expensive.

There are 3 basic types of password managers.

Source: PC Magazine
  1. One that simply holds usernames and passwords that you create. eWallet Go is an example of this type.
  2. Another is one that automatically places the username and password for you when a login screen presents itself. You call up the password manager, type its password and it places the appropriate username and password onto the screen. This type of password manager can reside right on your PC so you would need it for each of your devices.
  3. Probably the best password manager has the same features mentioned previously but resides on a secure site on the internet. This way, you can call up the password manager from any device or PC around the world.

Here is a very good review by Top Ten Reviews on some of the best password managers.

I like this review very much by Bonnie Cha of All Things D called Unlocking the Power of Password Managers. The review also has a short video showing the password managers in action. NOTE: this video will not run on some tablets.
Ars Technica. Why passwords have never been weaker...and why hackers have never been stronger by Dan Goodin. August 2012
Lifehacker. Which password manager is the most secure? by Melanie Pinola. September 2012
PC Magazine. The Best Password Managers by Neil J. Rubenking. July 2012
Privacy Rights Clearing House. Online Privacy: Using the Internet Safely


If you liked or even disliked this article, please let me know by writing a comment. Also, please tell me if the article is too "techy", just right or too remedial. I really appreciate it.

