Every cloud has a silver lining, and every password breach offers an opportunity to see how good (or bad) our passwords really are. Over the past several months, there have been a number of major password breaches: LinkedIn, eHarmony, Gamigo, and others. The silver lining to that particular cloud is that those password lists have allowed researchers to confirm once again that we’re collectively very bad at choosing strong passwords.
Security consultant Mark Burnett analyzed the passwords from various breaches, and identified the most popular passwords. Some of them are not surprising: “password” or “123456.” Others are a bit more interesting: “michael” or “jennifer” (hint: don’t use your name as a password, and really don’t use your name if you have a common name).
In total, just ten passwords accounted for 14 percent of all the passwords on the list. Only 10,000 passwords are in use by over 99 percent of users, says Xato.net. For hackers, this means a very small set of passwords carries very good odds of getting in.
Here are some simple rules for creating secure passwords:
- Increase the number of characters used
- Use letters, numbers, and special characters
- Vary capitalization
- Don’t use simple character substitution, such as “3” for “e” (hackers have figured out that trick)
- Avoid words
Use a complex password, because you don’t want to see your password on the “easy target” list.
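The rules above map directly onto a password policy checker. The script below is an added example, not code from the article or from Xato.net: it checks length, character classes, varied capitalization, and whether the password is a common one in disguise, undoing the “3 for e” style substitutions and stripping bolted-on digits and symbols before comparing against a common-password list. `COMMON_PASSWORDS` is a constructed ten-entry stand-in for a real breached-password corpus such as the Xato.net top 10,000 (it also stands in for the “avoid words” dictionary check), and `LEET_MAP` is an assumed table of substitutions that cracking rule sets already try. `estimate_bits` gives the upper bound a random choice from the same character classes would have, which is exactly what a password on the “easy target” list does not have.

```python
import math
import re

# Constructed stand-in for a leaked-password list such as Xato.net's top 10,000.
# Only a handful of entries; a real deployment would load the full corpus.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "abc123",
    "michael", "jennifer", "letmein", "iloveyou", "football",
}

# Assumed substitution table: the swaps cracking rule sets already try, so
# "P@ssw0rd" is undone to "password" before the common-list comparison.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t",
})

# Alphabet sizes used for the entropy upper bound.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}


def char_classes(password: str) -> dict[str, bool]:
    """Which of the four character classes the password draws from."""
    return {
        "lower": any(c.islower() for c in password),
        "upper": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }


def normalize(password: str) -> str:
    """Strip digits/symbols bolted onto either end, undo leet substitutions, lowercase."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password)
    return core.translate(LEET_MAP).lower()


def estimate_bits(password: str) -> float:
    """Upper-bound guessing entropy if every character were chosen at random from
    the classes present. A password on the common list is far weaker than this."""
    size = sum(CLASS_SIZES[k] for k, used in char_classes(password).items() if used)
    return len(password) * math.log2(size) if size else 0.0


def check_password(password: str, min_length: int = 12) -> list[str]:
    """Return the rules the password violates; an empty list means it passed."""
    problems = []
    if len(password) < min_length:
        problems.append(f"too short: {len(password)} < {min_length} characters")
    if sum(char_classes(password).values()) < 3:
        problems.append("uses fewer than three of lowercase, uppercase, digits, symbols")
    # "Vary capitalization": an initial capital alone is the first thing a rule set tries.
    upper_positions = {i for i, c in enumerate(password) if c.isupper()}
    if not upper_positions or upper_positions == {0}:
        problems.append("capitalization is not varied beyond the first character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is on the common-password list")
    elif normalize(password) in COMMON_PASSWORDS:
        problems.append(
            f'is a substitution/suffix variant of the common password "{normalize(password)}"'
        )
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, from the breach lists' favourites to a passphrase.
    for candidate in ["password", "P@ssw0rd2012!", "Jennifer1", "correct-Horse9Battery!staple"]:
        issues = check_password(candidate)
        verdict = "OK" if not issues else "; ".join(issues)
        print(f"{candidate!r}: ~{estimate_bits(candidate):.0f} bits, {verdict}")
```

Note that `estimate_bits("password")` comes out near 38 bits, which would be respectable for a random eight-character string; the list check is what catches that it is actually one of the ten passwords covering 14 percent of accounts. The two checks complement each other, and neither is useful alone.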
- LinkedIn’s Password Breach Draws FBI’s Attention [Forbes]
- Dating Site eHarmony Confirms Password Breach [PCWorld]
- Eight Million Email Addresses and Passwords Spilled from Gaming Site Gamigo Months After Hacker Breach [Forbes]
- 10,000 Top Passwords [Xato.net]