Periodically, we update you on the current list of bad passwords. Security is important to all of us, simply because there are people out there who want to use our information to profit illegally. If there were no hackers and people could be trusted to leave others' private information alone, we wouldn't need passwords. Unfortunately, the perfect world doesn't exist, so we need to keep our own information safe from those crooks who want it.
SplashData does a list of the 100 worst passwords every year, and they have updated it this year as well. This list never ceases to amaze me, mainly because of some of the really weak passwords on it (121212...... seriously???) However, I'm just as guilty of it as anyone else, and I'm in the process of changing some of my oldest, little-used, weak passwords for sites I want to continue to visit, if only occasionally.
In this list, 2018 is on the left and 2017 is on the right:
parnote and others have done password-related articles for many years. They include the following:
April 2007: What's In A Password?
September 2009: Secure Passwords With openssl
March 2010: Secure Passwords Made Easy
September 2013: Password Security Revisited
November 2013: KeePassX: Not In The Cloud
February 2016: If Your Password Is On This List, Change It Now!
April 2017: Repo Review: Password Managers
July 2017: Weak Password? Five Ways To Generate Strong Passwords
January 2018: SplashData's 100 Worst Passwords Of 2017
To summarize best password practices, do the following:
- Don't repeat the same username and password on multiple websites.
- Longer, complex passwords are harder to hack and crack. Make your passwords 12 characters or more in length.
- Don't use information like birthdays, anniversaries, telephone numbers, names of wife/girlfriend, children and other family members that are personally identifiable.
- Don't use popular hobbies, sports, sports teams, or movie characters/stars, or anything else related to pop culture.
- Use a mix of letters, numbers and punctuation marks. Vary the case of the letters you use. An "A" and an "a" are not the same on the vast majority of systems.
I think we are all smart enough to generate our own passwords! However, if you need help you can search online, bearing in mind that it's not the most secure place you can search. If you Google "password generator", you will get tons of sites that offer to generate passwords for you. Some of them will even try to sell you security software for your Windows computer (which we don't need anyway). Here are a few:
Most of these are very easy to use: just put in the number of characters you want and what you want to use in terms of characters, then click the "Generate" button. Some generate one at a time, and some ask you how many you want generated. The images below are the first four in this list.
According to many sources, you shouldn't generate passwords online. It's better if you have a local app to do that. It's also better if you have a password manager to help you: that way it's local and not broadcast who knows where. If you do go online to get them, I suggest generating a bunch of them, and then combining some together. That way you have something a little more safe because it didn't come directly off the internet, letter-for-letter, so to speak. You could generate twelve 12-character passwords and then use the first character of each one as your password. That will still give you twelve passwords but not the ones that were generated.
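A local generator that follows the practices summarized above (12 or more characters, mixed case, numbers and punctuation, nothing from the bad-password list), as an added example that is not from the original article. The function names and the tiny sample denylist are assumptions made for illustration; only "121212" comes from the article itself.

```python
import secrets
import string

MIN_LENGTH = 12  # the article's recommended minimum
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Constructed sample denylist; "121212" is the entry the article calls out.
# In practice, load a full worst-passwords list from a local file.
SAMPLE_DENYLIST = {"121212", "example-weak-password"}


def check_password(password, denylist=SAMPLE_DENYLIST):
    """Return a list of the article's rules that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    if password.lower() in denylist:
        problems.append("on the bad-password list")
    names = ("lowercase letter", "uppercase letter", "digit", "punctuation mark")
    for name, chars in zip(names, CLASSES):
        if not any(c in chars for c in password):
            problems.append("no " + name)
    return problems


def generate_password(length=16):
    """Generate a password locally from the OS CSPRNG, meeting every rule."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = "".join(CLASSES)
    while True:
        # secrets.choice draws from the operating system's secure random
        # source, unlike the predictable generator in the random module.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until every character class is present (rejection sampling).
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    print(check_password("121212"))
```

Nothing here touches the network, so the generated password never leaves your machine until you type it into a site or store it in a password manager.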
One of the steps in keeping your information secure is to change your passwords often, creating longer, more complicated passwords (that don't appear on the list above!) If you have some older, shorter weak passwords, be sure to get them changed. You don't want your private information falling into the wrong hands!