If you haven’t heard, SplashData have released their annual “Worst Passwords List”, a collection of the top 25 most used passwords in the world, which predictably makes them the worst passwords to use. Still to be dethroned is, of course, “123456”, with “password” nabbing the honour of being the second worst password of 2015.
The list is full of similarly simple passwords, though credit has to be given to the thousands who employed an extra digit, making “1234567” the 9th worst password of the previous 365 days. To be honest, I’m surprised “365” (as in 365 days in a year) isn’t used as a password, but I assume that’s due to the minimum of six characters most passwords require; perhaps 24/7/365? We must of course not forget to blame J.J. Abrams for people’s lax security precautions: “starwars” is a new addition to the list of terrible passwords, coming in as the 25th worst password of 2015.
It is depressing that even into 2016 a significant number of internet users employ such weak passwords, passwords that can be brute-forced faster than you can type them in. As governments around the world debate behind closed doors over the viability and usage of backdoors in applications and whether or not encryption should be banned (debated by officials, I may add, who at times have no clue about what exactly they’re debating), the everyday Joe will go about without a worry until their Instagram account gets compromised.
With reports of hacking on the rise, phishing scams plaguing everyone and the surge of websites littered with malware (I’m talking about you, Forbes), you would think that we Homo sapiens as a species would evolve our methods of digital protection. Alas, that isn’t the case. And the problem is passwords themselves. Passwords, as a rule of thumb, are terrible; it can take less than a second for a computer to break through an 8-character password.
Hence you should stop using them.

I don’t mean to forsake the password field forever but rather to upgrade from a password to a “passphrase”.
What is a passphrase? Abs0luteGEEKSt3cHNew$ and 120km/halongDUBAIyOlO are two examples: a mix of letters, symbols and numbers that form a series of words that are easily memorable and yet too long to be stored in a standard password dictionary a hacker may use to brute-force and compromise your account.
Length is a big factor in the strength of a password or, in this case, passphrase. Take for instance the password “ab”: two characters, both lowercase letters. It would take less than a tenth of a second for a simple application to go through all the possible combinations and hit upon the correct pair of letters, compromising the account affiliated with this password. I earlier mentioned that even an 8-character password can be broken in less than a second, so people would have to strive for even longer passwords. But a random collection of numbers, letters and symbols can be incredibly hard to remember, prompting people to inevitably use one password, or permutations of that password, across multiple accounts.
We’ve all heard the proverbial saying “don’t put all your eggs in one basket”; it should be upgraded to “don’t safekeep all your accounts with one password”. It’s time we lived by it.
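To make the length argument above concrete, here is an added Python example (not code from the original post) that sizes the search space of a secret from its length and the character classes it draws on, converts that to a worst-case time at an assumed guess rate, and checks it against a small wordlist. The guess rate is an assumption chosen for illustration, and the wordlist is constructed from the four entries the post names; the two passphrases are the post’s own examples.

```python
"""Search-space and guess-time estimates for passwords vs. passphrases.

Added example, not code from the original post. The guess rate and the
tiny wordlist below are constructed for illustration only.
"""
import math
import string

# Alphabet size contributed by each character class a secret draws from.
CLASS_SIZES = {
    "lower": len(string.ascii_lowercase),   # 26
    "upper": len(string.ascii_uppercase),   # 26
    "digit": len(string.digits),            # 10
    "symbol": len(string.punctuation),      # 32
}

# Assumption: an illustrative offline guess rate. Real rates depend on the
# hash algorithm the site stores passwords with and on the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 10**10

# Constructed wordlist: the four entries the post names from the 2015 list.
COMMON_PASSWORDS = {"123456", "password", "1234567", "starwars"}


def classes_used(secret: str) -> set:
    """Return the set of character classes present in the secret."""
    found = set()
    for ch in secret:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        elif ch in string.punctuation:
            found.add("symbol")
    return found


def keyspace(secret: str) -> int:
    """Candidates an exhaustive search must try: alphabet_size ** length."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(secret))
    return alphabet ** len(secret)


def entropy_bits(secret: str) -> float:
    """log2 of the keyspace: how many bits an exhaustive search must resolve."""
    return math.log2(keyspace(secret))


def seconds_to_exhaust(secret: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(secret) / rate


def assess(secret: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> dict:
    """Combine both checks: a wordlist hit means one guess, whatever the keyspace."""
    in_list = secret in COMMON_PASSWORDS
    guesses = 1 if in_list else keyspace(secret)
    return {
        "length": len(secret),
        "classes": len(classes_used(secret)),
        "bits": round(entropy_bits(secret), 1),
        "seconds_to_exhaust": guesses / rate,
        "in_common_list": in_list,
    }


if __name__ == "__main__":
    for s in ["ab", "123456", "password",
              "Abs0luteGEEKSt3cHNew$", "120km/halongDUBAIyOlO"]:
        print(f"{s!r:>26}: {assess(s)}")
```

The point the numbers make is that length dominates: every extra character multiplies the keyspace by the alphabet size, so the 21-character passphrases land well beyond what exhaustive search can cover at any plausible rate, while “ab” is gone in microseconds. The wordlist check is the caveat: “123456” has a six-digit keyspace on paper, but because it sits in every attacker’s list it costs one guess, which is why a strength meter that only counts characters and classes is misleading.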
