Blog & Tools

Passwords: A recipe for security, words to avoid

A lot of computer users are slow to recognize and accept the serious risks presented by hackers and identity thieves. Evidence shows they keep using weak passwords.

SplashData’s list of the most common and therefore worst passwords of 2015 looks a lot like the company’s 2014 list. The most common password in 2015 was “123456” and the second most common was “password.”

Those two weak passwords have topped SplashData’s list since it started issuing an annual report five years ago.

The California-based company provides secure-password and record-management services. Its annual assessment is based on leaked passwords mostly from North America and Western Europe.

Glancing through the most recent list bad passwords might make you feel creative.

Simplistic, numerical sequences are commonly used for passwords. Six of the 10 most common passwords in 2015 were nothing but numerical sequences. In addition, the top-row, keyboard sequence “qwerty” came in at No. 4.

The sports world was represented in the Top 10 with “football” at No. 7 and “baseball” at No. 10.

2015 Most Popular Passwords

As security experts at SDN Communications and other companies stress, users should develop longer and more complex passwords – the longer the better. Consider these suggestions:

  • If possible, include a mix of uppercase and lowercase letters, symbols and numbers.
  • Change them often – at least every few months.
  • Don’t use the same password for multiple sites. Each site should have a different password.
  • It’s common for sites to require at least eight characters. Those with 12 or more characters are even better.
  • Avoid websites that don’t support secure passwords and ask the host companies to update their protective policies and procedures.

Keep in mind that strangers can mine personal information from public Internet sites to guess passwords. So there are also a few things to avoid:

  • Your favorite team
  • A movie title
  • Your birthday
  • Your pet’s name
  • Any other type of highly personal identifier
  • The 10 worst passwords of 2015 (or any other year, for that matter)

More sophisticated hackers use computer programs to figure out passwords. So, using passwords that are complex increases the chances they’ll give up on getting into your account and move on to other targets.

Whenever possible, computer users should also take advantage of two-factor authentication options, An example of that is when a person tries to access a personal web account from a computer he or she doesn’t normally use and is prompted to use a one-time passcode texted to a mobile device.

Online services from companies such as SplashData can help organize and protect passwords with online services that generate random passwords to increase security.

If you depend on your memory to store your passwords, there are methods that might help. SDN suggests creating a story built around the password, for example, or making up an acronym. You also might be able to create a memorable scene based on the password.

Companies with valuable or sensitive electronic information should establish and enforce password requirements among employees. Good training is extremely important.

LastPass is another company that sells password-management services online. It points out that a company is only as strong as its least-informed, most insecure employee.

“Your IT department could be following all of the practices above, but that means nothing if your employees aren’t following good practices as well,” LastPass says.

Whether at work or in personal life, computer users can make would-be hackers’ lives much more difficult by using longer, more complex passwords and taking other precautions.

Request our Infographic Posters