No. 25 on SplashData’s annual ranking of the worst passwords, “trustno1,” seems rather odd. Short for “trust no one,” it’s probably good advice to follow when dealing with computer security, but it isn’t a good password.
It’s a little better than “123456,” which tops SplashData’s list of bad passwords for 2017. No. 2 is the always popular “password.”
SplashData is a California-based company that provides security applications, including password management solutions. It examines leaked data, mostly from North America and Western Europe, to come up with an annual ranking of insecure passwords.
Several of the weakest passwords in the most recent list are repeat offenders that rank near the top year after year. One exception is “letmein,” which comes in at No. 7.
Bad passwords can be friendly, such as “welcome” (No. 12), or in bad taste. A few on the list are too profane to repeat here.
First names are especially popular. There are more than 20 relatively common first names on the 2017 list. The influence of pop culture also is evident. No. 16, for example, is “starwars.” The highest-ranking of several sports terms is “football,” at No. 9.
The company releases the list to encourage people to use stronger passwords.
During the past couple of years, security experts, including some at SDN Communications, have suggested that people consider using passphrases instead of passwords.
Passphrases are essentially short sentences that should be spiced up with random symbols and punctuation marks to make them more difficult for hackers to figure out. The goal is to create something that’s complex enough to prompt hackers to move on.
The biggest virtue of passphrases is that they can be easier for users to remember, so they don’t have to be written down. Passphrases can also be more secure than a basic password, assuming they’re longer and more complex.
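As an added example (not SDN’s or SplashData’s code), here is a small Python policy check that applies the advice above: it first rejects anything that normalizes to one of the list entries named in this post, and only then estimates strength from length and character variety. The blocklist is a constructed subset containing just the eight entries the post names, not the full SplashData list, and the 60-bit acceptance threshold is an assumption.

```python
import math
import re
import string

# Constructed blocklist: only the SplashData 2017 entries named in the post.
# A real deployment would load a full list of leaked/common passwords instead.
WORST_PASSWORDS_2017 = {
    "123456", "password", "qwerty", "football", "letmein",
    "welcome", "starwars", "trustno1",
}

# Common "leet" substitutions users apply to dress up a dictionary word.
_LEET = str.maketrans("@$!013457", "asioleast")


def _normalized_forms(candidate):
    """Variants a blocklist check should look at: lowercase, trailing
    digits/symbols removed (e.g. 'Letmein2017'), and leet undone."""
    lowered = candidate.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)
    forms = {lowered, stripped}
    forms |= {f.translate(_LEET) for f in list(forms)}
    return {f for f in forms if f}


def is_blocklisted(candidate):
    return any(f in WORST_PASSWORDS_2017 for f in _normalized_forms(candidate))


def estimated_bits(candidate):
    """Rough upper bound: length x log2(character-pool size). Honest only for
    randomly chosen strings; human-chosen phrases are weaker, which is why
    the blocklist check must run before this estimate is trusted."""
    pool = 0
    if any(c.islower() for c in candidate): pool += 26
    if any(c.isupper() for c in candidate): pool += 26
    if any(c.isdigit() for c in candidate): pool += 10
    if any(c in string.punctuation or c == " " for c in candidate): pool += 33
    return len(candidate) * math.log2(pool) if pool else 0.0


def evaluate(candidate, min_bits=60.0):
    """Policy decision: blocklist first, then a minimum strength estimate."""
    if is_blocklisted(candidate):
        return {"ok": False, "reason": "on the worst-passwords list", "bits": 0.0}
    bits = estimated_bits(candidate)
    if bits < min_bits:
        return {"ok": False, "reason": "too short or too simple", "bits": bits}
    return {"ok": True, "reason": "accepted", "bits": bits}
```

Note that a dressed-up list entry such as “P@$$w0rd!!!!!!” scores well on the length estimate alone, which is exactly why the blocklist check comes first.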
SDN offers three tips to help people remember complex passwords and passphrases:
- Create a short story and memorize some details.
- Use a phrase from a song that you like.
- Create a scene based on a special location.
Security experts at SDN and other organizations also have general suggestions to boost passwords and passphrase security:
- Never use the same password twice.
- Each of your devices should have a unique password that is changed periodically.
- Use two-factor authentication whenever it’s available.
For example, you might sign up to receive a text message with a one-time sign-in code whenever you try to sign into a computer other than the one you normally use.
Several companies offer online password-management services to help people store and organize multiple passwords. That way, users only have to memorize a single, master password.
The downside of relying on a password service is that you also take on the risk of a single point of failure. So if you opt for a password-management service, do some research and go with a good one.
And if passwords are written down, take care in how and where the information is stored. Writing down sensitive information weakens its privacy.
Corporate data breaches often are the result of front-line employees being tricked out of information, including passwords, often by fraudulent email. Always be hesitant about giving out a password. Passwords should not even be shared with friends.
Never take the lazy way out in creating a new password or passphrase, either. Don’t settle, for example, for the first six letters on the top row of a traditional keyboard: “qwerty” was No. 4 on SplashData’s list. Be original and let your creativity flow.
SDN Communications, the host of this blog, is a leading regional provider of broadband connectivity, cybersecurity services and other telecommunications solutions for businesses and institutions.
They've compiled a series of cybersecurity posters to help educate your employees, which includes one on building strong passwords. Use the button below to request a free download to print and hang in your business.