I'VE talked about passwords here every now and then. And I’ve always advocated about making sure that your passwords are secure. When I say “secure”, you’re not using any of these passwords on the list. That’s a list of 100 passwords that I recommend you don’t ever use for any of your online accounts. It’s just bad practice.
Before you go out replacing all of those passwords into something else, consider a few reminders.
Use a passphrase
I strongly advise using a passphrase instead of just a password. A passphrase is, well, a phrase. Instead of just using “password”, use something like “imissswimmingintheriver”. The objective here is to use something that is a bit more personal for you. Take note, just a bit more personal so you can easily remember it. Don’t be too personal. If these nefarious characters know details about you from your social media posts, they can take those into account when they make the hacking attempt. The benefit here is that the passphrase is harder and takes longer to crack.
Make it long
Length is an ingredient to getting yourself a more secure passphrase. A phrase can be a word or two or three but if you make your passphrase longer than that, things become better. According to an article from the Infosec Institute, “lengthy passwords are often associated with an increase in password entropy, which basically is the measure of how much uncertainty there is in a key.” The article even talks about a formula in a Microsoft TechNet blog article that calculates bits of entropy. Entropy is the "measure in bits of how difficult it is to hack a password”. The formula emphasizes the role of length in that entropy. So, how long should it be? At least 12 characters in length.
Make it complex
Complexity is using different characters in the passkey instead of just using the 26 letters in the English alphabet. You can substitute letters with numbers like a “3” for an “e”. I also suggest using special characters like the “#” or the “@“. Those characters introduce more variety of characters into your passkey. More variety means a more complex passkey. And we all know what a complex passkey means.
There you go. Simple steps that make a world of difference in keeping your online accounts secure. Of course, you can always use a password manager to help you out in creating those passkeys. My experience though with password managers is that they never give you a passkey that’s easy to remember or easy to pronounce. If you do go the password manager route, I recommend LastPass. It’s what I personally use.
So let’s have that list of the top 25 worst passwords of 2018 by SplashData.
1. 123456 (Unchanged)
2. password (Unchanged)
3. 123456789 (Up 3)
4. 12345678 (Down 1)
5. 12345 (Unchanged)
6. 111111 (New)
7. 1234567 (Up 1)
8. sunshine (New)
9. qwerty (Down 5)
10. iloveyou (Unchanged)
11. princess (New)
12. admin (Down 1)
13. welcome (Down 1)
14. 666666 (New)
15. abc123 (Unchanged)
16. football (Down 7)
17. 123123 (Unchanged)
18. monkey (Down 5)
19. 654321 (New)
20. !@#$%^&* (New)
21. charlie (New)
22. aa123456 (New)
23. donald (New)
24. password1 (New)
25. qwerty123 (New)
Are you using any of those?
I sure hope you’re not.