Smarter Protection: 2016’s Worst Passwords and How to Improve Them

You’ve heard this before, but it’s such a pressing issue that we’ll repeat it again: you need to create safe passwords.

That means not just coming up with one password with uppercase and lowercase characters, punctuation and numbers, then using it as your login everywhere. You need to create different passwords for every account you own.

We bring this up for a good reason: people still aren’t taking passwords seriously.

A study released by Keeper Security, a password management software vendor, analyzed 10 million passwords exposed by data breaches in 2016. You can view the full list here, but the top five are 123456, 123456789, qwerty, 12345678 and 111111. Of course, the standard fallback of “password” comes in at number eight on the list.

You might be thinking to yourself that, by now, people should know better. Clearly they don’t. Why is that?

Convenience and Confusion

Let’s begin with the obvious: having multiple passwords is inconvenient. It’s hard to think up dozens of passwords and then remember them all. Even a password manager such as LastPass, which runs as a browser extension to remember your passwords for you, can have bugs or become a target for attackers itself.

When people log in to a service, whether that is an app, a social profile or a portal holding valuable information like their financial or health history, they want access to that information right away. Remembering a password, having to change it or going through the steps of two-factor authentication can be bothersome, especially if the user is in a hurry or under stress.

Better Habits

There are relatively simple steps that can be taken to shore up our password vulnerabilities – beginning with the amount of effort we put into creating them.

Instead of typing “1234…” and so on, spend some extra time creating a separate password for each account. You can use a random password generator (here’s an example) to produce passwords with no meaningful connection to you. Two-factor authentication should be turned on wherever it is offered, so that a stolen or guessed password alone is not enough to get into your systems. Consider walking employees and clients through the process of setting up a password during an orientation period as well, stressing the importance of unique passwords.

One previously popular tactic to leave behind is forced periodic password resetting. As the Federal Trade Commission’s chief technologist noted in 2016, citing several academic studies, mandatory password changes are often counterproductive. A strong password that has never been exposed gains nothing from being replaced, and the replacement is frequently weaker because the user chose it in a hurry. Worse, people who are forced to change a password tend to make only a minor change, such as incrementing a trailing number or adding a symbol, and the studies found that an attacker who knows the old password can predict the new one with a small number of guesses.
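The two habits above, picking a random password from a cryptographic generator and recognizing when a “new” password is just a predictable edit of the old one, can be put into working code. The following is an added example written for this page, not code from BAI Security or from Keeper. The worst-password set is constructed from the six entries the post quotes; the list of edit rules in `predictable_variants` is an assumption about the transformations a cracker would try (trailing-number increment, appended symbols, case flips, simple character substitutions) and is not drawn from any particular study.

```python
import re
import secrets
import string

# Constructed sample: only the entries from Keeper's 2016 list that the post quotes.
WORST_PASSWORDS_2016 = {"123456", "123456789", "qwerty", "12345678", "111111", "password"}

# 94 printable ASCII symbols; 20 draws gives roughly 131 bits of entropy.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length: int = 20) -> str:
    """Random password drawn from the OS CSPRNG via `secrets`, never `random`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_on_worst_list(password: str) -> bool:
    """Reject anything on the breached-password list, case-insensitively."""
    return password.lower() in WORST_PASSWORDS_2016


def predictable_variants(old: str) -> set:
    """Guesses an attacker who knows `old` would try first.

    These rules are an assumption about typical 'minor changes' users make
    under forced rotation; real cracking rule sets are far larger.
    """
    guesses = set()

    # Rule 1: append or prepend a single digit or common symbol.
    for ch in string.digits + "!@#$":
        guesses.add(old + ch)
        guesses.add(ch + old)

    # Rule 2: bump a trailing number, keeping any symbol that follows it
    # ("Summer2016!" -> "Summer2017!"). Zero-padding width is preserved.
    match = re.match(r"^(.*?)(\d+)(\W*)$", old)
    if match:
        stem, num, suffix = match.groups()
        width = len(num)
        for delta in range(1, 10):
            guesses.add(f"{stem}{int(num) + delta:0{width}d}{suffix}")

    # Rule 3: case changes and dropping a trailing symbol.
    guesses.add(old.capitalize())
    guesses.add(old.swapcase())
    if old and old[-1] in string.punctuation:
        guesses.add(old[:-1])

    # Rule 4: the usual single-character "leet" substitutions.
    for plain, leet in (("a", "@"), ("s", "$"), ("o", "0"), ("e", "3"), ("i", "1")):
        guesses.add(old.replace(plain, leet))

    guesses.discard(old)
    return guesses


def rotation_is_predictable(old: str, new: str) -> bool:
    """True if `new` is one of the cheap edits of `old` an attacker would guess."""
    return new in predictable_variants(old)


if __name__ == "__main__":
    print("generated:", generate_password())
    print("'Password' on worst list:", is_on_worst_list("Password"))
    print("Summer2016! -> Summer2017! predictable:",
          rotation_is_predictable("Summer2016!", "Summer2017!"))
```

The check in `rotation_is_predictable` is the one a password-change form can run server-side only while it still has the old password in hand (at the moment the user submits both), which is another reason rotation policies buy little: the comparison has to happen before the old value is discarded, and most systems never perform it.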

A Password-Less Future?

Despite all this, the problems with passwords may never be fully fixed. We could be looking at a future where, instead of memorizing or storing individual passwords, we carry physical authenticators, similar in form to flash drives, that hold our personalized logins and data for us.

Though this will not outright solve data theft and breaches, it should help. Until then, however, follow password best practices and ensure your password doesn’t end up on next year’s list.

Posted in BAI Security Blog.