Up 17 spots, “12345” may be the winner in 2015

Jan 20, 2015 14:12 GMT

Security experts and enthusiasts alike have warned of the danger of choosing an insecure password, but users keep relying on easy-to-crack strings to protect access to their online accounts.

A list with the 25 most used, and obviously insecure passwords for last year has been compiled by SplashData, maker of password management software, showing that new easy-to-crack strings have made it to the top while some things remained the same.

New entries are equally insecure

“password” and “123456” are still leading the pack of bad passwords, while for some unknown reason the third place is taken by “12345.”

All three are extremely quick to crack. Had they mixed letters and digits, a brute-forcer would have had a harder time exposing them, although that alone would still fall far short of a significant improvement.

Mixing numbers, letters and symbols makes for a strong password, especially when the string is long, but the trouble is that most users cannot remember such strings.

One option is to rely on a phrase. If the service limits the number of characters allowed, taking the first or last letter of each word and replacing a few of them with a number or symbol yields a string that takes more time and resources to find by guessing.

The list from SplashData has some new entries, such as “baseball,” “dragon,” “football,” “mustang,” “access,” “master,” “michael,” “superman,” “696969,” and “batman.” Make no mistake, these are no more secure than the top three; in a brute-force attack they are still among the first strings tried automatically.

Creating one very strong password should be enough

A long sequence of varied characters is what demands more computing power and time to crack, discouraging the attacker from pursuing the goal. The only condition is that the string make sense to the user, so that it can be remembered with ease.
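The points made above (a blocklisted string falls at the first guesses regardless of its form, mixing character classes widens the search space, and length multiplies it) can be checked with a small estimator. The following is an added example, not code from the article or from SplashData; the blocklist is constructed only from the passwords the article names, the symbol-class size of 32 and the guess rate of ten billion per second are assumptions standing in for an offline attack against a fast hash.

```python
import math

# Constructed from the passwords named in the article; a real deployment
# would use a much larger breach-derived list.
KNOWN_BAD = {
    "password", "123456", "12345", "baseball", "dragon", "football",
    "mustang", "access", "master", "michael", "superman", "696969", "batman",
}

# Size of each character class. SYMBOLS is an assumption (printable ASCII
# punctuation); the others are exact.
LOWER, UPPER, DIGITS, SYMBOLS = 26, 26, 10, 32


def alphabet_size(password: str) -> int:
    """Size of the alphabet an attacker must cover, given which classes appear."""
    size = 0
    if any(c.islower() for c in password):
        size += LOWER
    if any(c.isupper() for c in password):
        size += UPPER
    if any(c.isdigit() for c in password):
        size += DIGITS
    if any(not c.isalnum() for c in password):
        size += SYMBOLS
    return size


def brute_force_bits(password: str) -> float:
    """Upper bound on exhaustive-search effort in bits (log2 of the keyspace).

    A blocklisted string scores 0: it is tried among the first guesses of any
    dictionary attack, so its length and classes buy nothing.
    """
    if password in KNOWN_BAD:
        return 0.0
    size = alphabet_size(password)
    return len(password) * math.log2(size) if size else 0.0


def seconds_to_exhaust(password: str, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to walk the whole keyspace at an assumed guess rate."""
    return 2 ** brute_force_bits(password) / guesses_per_second


def assess(password: str) -> dict:
    """Summary a password-policy check would return for one candidate."""
    return {
        "password": password,
        "blocklisted": password in KNOWN_BAD,
        "bits": round(brute_force_bits(password), 1),
        "seconds": seconds_to_exhaust(password),
    }


if __name__ == "__main__":
    for candidate in ("12345", "1234567", "Tr0ub4dor&3", "correct horse battery staple"):
        print(assess(candidate))
```

The comparison of “12345” with a longer digits-only string shows why length alone is not the answer either: seven digits is still under 24 bits, exhausted in well under a second at the assumed rate, whereas the mixed-class and long-phrase candidates sit orders of magnitude higher.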

However, since many users have several online accounts, one of the best choices is password management software with a built-in password generator. Many such programs have a mobile version and offer synchronization too, so the information is accessible at all times.

Synchronization of the encrypted password database can also be achieved through cloud storage services. In this case, the master password should be virtually uncrackable and could be an entire phrase, tweaked with symbols and numbers.
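Two of the techniques the article recommends are a manager's random generator and a phrase reduced to its word initials with a few substitutions for length-limited services. Both are shown below as an added example that is not code from the article or any particular password manager; the symbol set, the 20-character default, the requirement that every class appear, and the fixed letter-to-symbol substitution table are assumptions made for this example (the article only says letters are replaced “here and there”).

```python
import secrets
import string

# Assumed policy values: the article names no alphabet or length.
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?/"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)


def generate_password(length: int = 20) -> str:
    """Random password from the OS CSPRNG (secrets), as a manager's generator
    would produce; rejection-samples until every class is represented."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate


def covers_all_classes(password: str) -> bool:
    """True when at least one character from each class is present."""
    return all(any(c in cls for c in password) for cls in CLASSES)


# Assumed substitution table; the article does not prescribe one.
SUBSTITUTIONS = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "$", "t": "7"}


def phrase_to_password(phrase: str, use_last_letter: bool = False) -> str:
    """The article's fallback for services with a character limit: keep the
    first (or last) letter of each word, then swap letters for digits or
    symbols where the table has an entry."""
    words = phrase.split()
    letters = [w[-1] if use_last_letter else w[0] for w in words]
    return "".join(SUBSTITUTIONS.get(c.lower(), c) for c in letters)


if __name__ == "__main__":
    print(generate_password())
    print(phrase_to_password("correct horse battery staple"))
    print(phrase_to_password("correct horse battery staple", use_last_letter=True))
```

Using `secrets` rather than `random` matters here: the former draws from the operating system's cryptographic source, while the latter is a deterministic generator never meant for secrets. The phrase-derived string is only as long as the phrase has words, so it is a fallback for services that cap password length; the full phrase, tweaked as the article describes, is the stronger choice where it is allowed, which is why it suits the master password.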

SplashData processed information gathered from more than 3.3 million passwords that hackers dumped into the public domain in 2014.