SDN Blog

Passwords: Longer is better but still not entirely safe

Posted on Monday, March 02, 2015 in Cybersecurity

Blog written by SDN Communications

Passwords

Reading a list of the most common computer passwords for 2014 made me feel creative. The most common password – and therefore the worst one of the year – was “123456,” according to splashdata.com.

No. 2 on SplashData’s worst list was “password,” and No. 3 was “12345.” Six other simplistic, numerical sequences also made the top 25.

SplashData is a California-based company that provides secure-password and record-management services. Its annual assessment is based mostly on leaked passwords from North America and Western Europe.

The security of a company’s assets is only as strong as its weakest password.

In addition to numbers, password creators in 2014 also liked sports (“baseball” and “football”), animals (“monkey” and “dragon”), and superheroes (“batman” and “superman”).

I know several people who have had computer accounts hacked, so I’ve learned to use more complex and longer passwords. Longer, especially, is better, says Adam Tischler of Sioux Falls-based SDN Communications. He’s a managed services engineer who specializes in firewalls. So he knows about computer security and passwords.

“The hardest ones to crack are the longest ones,” Tischler says.

Because of the way passwords are encrypted and stored, a 20-character password comprised of a few real words is probably going to be more difficult for hackers to figure out than a mix of a few letters and symbols, especially if the cyber snoops are based in another country and don’t know you, he says.

Although strangers might not know enough about you to make educated guesses about your passwords, they can mine personal information about you from public Internet sites, Tischler notes. So, simple passwords are at risk, too.

For everyday use, people generally can feel comfortable with a password that is eight to 12 characters long, he says. Work passwords should be longer, if possible.

“If for some reason, a website doesn’t support a secure password, you shouldn’t use that website or you should ask them to update their policies,” Tischler says.

It’s especially important for people not to use the same password for multiple sites, Tischler says. Use a different password for every site.

SplashData's Most Popular Passwords of 2014

Online services from companies such as SplashData and LastPass can help organize and protect passwords and even generate random passwords to increase security.

Whenever possible, computer users also should take advantage of two-factor authentication options, Tischler says. An example of that is when a person tries to access a personal web account from a computer they don’t normally use and is prompted to use a one-time passcode texted to their mobile device.

SplashData discourages people from using their favorite sport or sports team in their password. The company also discourages the use of birthdays, especially birth years, and common first names such as Michael or Jennifer.

LastPass reports that 73 percent of people use the same password for multiple sites, and that the average password has six characters. More concerning is this claim from LastPass: the average password can be cracked in three minutes. Yes, three minutes!

As LastPass says on its website, the security of a company’s assets is only as strong as its weakest password.

Whether at work or in personal life, you can make would-be hackers’ lives more challenging by using longer, more complex passwords and taking other security precautions.