It seems that every major personal account leak reveals the same, depressing reality: we still use really predictable passwords.
We’re always told about the importance of having passwords that are difficult to crack. Upper case, lower case, letters, numbers and symbols. Make it 10 characters and we’re laughing.
But we never do, so we never laugh.
A few weeks back, Avast cracked into the first stream of passwords revealed in the Ashley Madison hack. Although there were more widespread cracks to emerge within days, the results from Avast’s quick look were predictable.
We’re still idiots when it comes to security, with the most popular passwords discovered so far being the uninspiring ‘123456’, ‘password’, ‘12345’, ‘12345678’ and ‘qwerty’.
It’s a continuation of a trend, really, with January now the recap month that offers a consistent reminder of how uninspired we are when it comes to our password choices.
‘123456’ and ‘password’ sat top of the list of password choices last year, with a slightly shortened ‘12345’ in third, the creatively lengthened ‘12345678’ fourth and ‘qwerty’ rounding out the top 5. It was much the same the year before, too.
Earlier this year we spoke with Tom Keating of FireEye to discuss how best to construct a password. His advice was simple, and probably ignored.
Keating claimed it’s best not to use any words from a dictionary, a noun or even foreign words “as they can be cracked very easily”.
“A person should never put personal information in a password, like a date of birth, name of a child, place of birth, etc,” he said.
“The best passwords are ones that are long (10 characters or more), have at least one special character (!@#$%^&*()_+), one capital letter, one alt character (such as £ or Æ) and one number, for example !HTYdfÆ65!”
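Keating's rules can be written down as a check and paired with a generator that leaves the randomness to the operating system. This is an added example, not code from the article or from FireEye; the function names, the 16-character default and the two-character "alt" set are assumptions made for illustration.

```python
import secrets
import string

# The five most common passwords named in the article.
COMMON = {"123456", "password", "12345", "12345678", "qwerty"}
MIN_LEN = 10  # "long (10 characters or more)"
# Character classes Keating requires at least one of.
REQUIRED = {
    "special": "!@#$%^&*()_+",          # the set quoted in the article
    "capital": string.ascii_uppercase,
    "alt": "£Æ",                        # his two examples; an assumed, extendable set
    "number": string.digits,
}

def failures(pw, personal=()):
    """Return the names of the rules pw breaks (an empty list means it passes).

    personal: strings the user should never embed (names, birth dates, places).
    Dictionary-word detection is not attempted here; it needs a word list.
    """
    failed = []
    if pw.lower() in COMMON:
        failed.append("common")
    if len(pw) < MIN_LEN:
        failed.append("length")
    for name, chars in REQUIRED.items():
        if not any(c in chars for c in pw):
            failed.append(name)
    if any(p and p.lower() in pw.lower() for p in personal):
        failed.append("personal")
    return failed

def generate(length=16):
    """Draw a password from the OS CSPRNG that satisfies every rule above."""
    if length < MIN_LEN:
        raise ValueError("length must be at least %d" % MIN_LEN)
    alphabet = string.ascii_lowercase + "".join(REQUIRED.values())
    while True:
        # Rejection sampling: draw uniformly, keep only compliant results,
        # so no position is biased towards a particular character class.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not failures(pw):
            return pw

if __name__ == "__main__":
    for candidate in ("123456", "!HTYdfÆ65!", generate()):
        print(candidate, failures(candidate) or "ok")
```
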
Randomness is key
Edward Snowden’s suggestion revolves around telling a story, but a unique one.
“MargaretThatcheris110%SEXY” was his advice to John Oliver in an interview earlier this year, but even that has been criticised.
Random is the way to go, but we don’t do random too well.
For example, here is an infographic relating to a massive password leak from Gmail last year: