Hey, guess what? Your passwords probably suck. Most of our passwords suck. To be fair, mine don’t. They’re stupid long, are random, and I never repeat them. Maybe you do the same. If so, you can read this piece, gloat, and revel in how much better at security you are than your neighbors. Or skip it altogether.
But for the rest of you? Your passwords probably suck. So—for #&%@’s sake—make your passwords better!
Passwords Still Somehow Sucked in 2016
Keeper Security (makers of Keeper password manager, for context) analyzed some 10 million passwords released in security breaches in 2016. Five million of those passwords are in the image below. Oh, sure, there’re only 25 passwords in this image, but they represent half of all the passwords used. Because most of you suck at passwords. Behold:
Do you use a password that is on that list? Change it! Seriously, folks. Make your passwords better. Apple’s Safari will generate fairly strong random passwords. So do all of the password managers (my favorite is 1Password). Use these tools. Use a password manager to keep everything straight. Don’t be lazy.
And that one password that somewhat doesn’t suck*—18atcskd2w—but is still somehow in this list? Keeper Security wrote, “According to Security Researcher, Graham Cluley, these accounts were created by bots, perhaps with the intention of posting spam onto the forums.”
OK, makes sense why it’s there. But call me unreassured.
Basic Password Tips for Improving Your Security in 2017
The reality is that if you’re reading this article, you probably have some interest in making your own passwords stronger, or helping those in your family who need that help. Here are some basic tips for better password security that I am shamelessly reusing from an article Jim Tanous wrote for us in 2012:
1.) Every password should have all these things:
- Uppercase characters
- Lowercase characters
2.) Make them long. Safari generates 15-character passwords. Me? I like mine longer. 15 characters is nice. 18 is nicer. 24 characters makes me a little flush, if you know what I mean. Plus, when using a password manager, longer really isn’t much of an issue. Jim Tanous beautifully explained why length matters, so check out that piece if you’re curious.
3.) Never reuse a password. Never use the same password on more than one site.
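The three tips above as a check you can run over a list of your own passwords, plus a generator for replacements. This is an added example, not code from the article or from any password manager; the 15-character floor, the digits-and-punctuation alphabet, the function names, and the sample vault are assumptions made for the example.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 15  # assumption: the article's "15 characters is nice" used as a floor
# Assumption: digits and punctuation are allowed alongside upper/lowercase letters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

def generate_password(length=24):
    """Return a random password from the OS CSPRNG with upper- and lowercase letters."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw in the rare case a required character class is missing.
        if any(c.isupper() for c in candidate) and any(c.islower() for c in candidate):
            return candidate

def audit(vault):
    """Map each site to the tips its password breaks; clean entries are omitted."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    findings = {}
    for site, password in vault.items():
        problems = []
        if len(password) < MIN_LENGTH:
            problems.append("too short")
        if not any(c.isupper() for c in password):
            problems.append("no uppercase")
        if not any(c.islower() for c in password):
            problems.append("no lowercase")
        if len(sites_by_password[password]) > 1:
            problems.append("reused")
        if problems:
            findings[site] = problems
    return findings

# Constructed sample data: the bot password from the list, reused on two sites,
# next to one made-up password that follows all three tips.
SAMPLE_VAULT = {
    "forum.example": "18atcskd2w",
    "shop.example": "18atcskd2w",
    "mail.example": "Tq7#vLm2@xRw9!pZe4Kd",
}

if __name__ == "__main__":
    for site, problems in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(problems)} -> replace with {generate_password()}")
```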
Again, Please Make Your Passwords Stronger
The bad guys are getting stronger. This is just a fact. Criminal organizations, miscreants, and foreign governments alike are getting better and better at breaking into accounts, and at performing the very breaches that yielded the passwords for Keeper Security to analyze.
On the one hand, your stronger password won’t keep companies who get breached from being breached. But, stronger passwords will make it much harder for the bad guys to access your accounts outside of a breach. In addition, by using different passwords, a data breach at one site won’t expose you on other sites.
*It’s nowhere near long enough, there are no capital letters, and no other characters. It still sucks.