Hark! Who goes there? Are your computers secure at the most basic level?
With 6.5 million passwords stolen from LinkedIn and another 1.5 million passwords stolen shortly after from E-Harmony, possibly by the same hacker, password security is at the front of the minds of all computer users. Since users of thoseservices had to change passwords, it would be a good time to check all of them to make sure your new password(s) is a good one.
So what makes for a bad password?
How many movies and TV shows have you seen where computer passwords are hacked in a minute to reveal the plot secrets? They never seem to get the password the first time, and they usually need some personal insight into the person to figure it out, like the birth date of a loved one, the name of a pet they used to have, or even their address. If they weren’t using real words, or even only real words, their computers wouldn’t get hacked in to very easily, or maybe at all.
The posted passwords revealed common themes among the top stolen passwords. “work”, “job” and “career” were all on the top 30 stolen passwords list from LinkedIn. This is no surprise, since LinkedIn is a career focused social networking site people are on the site for work, their job, and their career. This shows that users associate their password with the reason they are on the site to begin with. This is smart as it means users do not have the same password for every site they visit, however all of these words are very short, easy to guess, and not unique at all. A simple remedy would be to add numbers or special characters that would not be easily guessed.
Some of the top 30 passwords stolen were also bad 4-letter words. Again, these passwords are very common and easily guessed or hacked. Additionally, while your password should be private for you, think about the potential embarrassment if one was connected to you. Even if you put characters in place of certain letters rather than spelling the full words out, if someone can tell what you are trying to say, you shouldn’t use it.
Five of the top 30 passwords were numerical. It is best to use a combination of numbers and letters, but what makes the top numerical passwords even worse is that those numbers were in order. “1234”, “12345”, “123456”, “1234567” and the reverse pattern “654321” were all on the list. If you’re using numbers, mix them up. Try a random date of only something you would know.
Some of the common passwords on the top 30 may not fit into a specific category and include “monkey”. “pepper”, “princess” and “soccer”. The point again is not to use common words you can pick out of a dictionary. If someone knows you play soccer, then they could figure out that soccer is your password. While it may not be the most obvious choice, it is also not the cleverest way to hide what it could be. A recent trend with these types of words was to add “ilove” in front of them, which made them longer, but still not hard to crack.
Most importantly you should remember to change your passwords at regular intervals – no less than twice a year, and best at least once a quarter. If you are on LinkedIn or E-Harmony, change your password even if you were not sent a message to do so. If you used those passwords on other sites, change them as well – just to be safe.
We’ll be exploring more general security related items over the next few months, but if you have questions or concerns in the meantime, please email us and we’ll be happy to help.
