So, you think your “Hard-To-Guess” passwords are safe?

2 years ago, in 2010 Imperva report identified the most commonly used passwords; here are top 5 that discovered by analyzing 32 million passwords exposed in the breach.

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou

Now, in 2012, Eset released a new report based on the 6 million, and top 5 include:

  1. password
  2. 123456
  3. 12345678
  4. 1234
  5. qwerty

[bang your head here if your password is on the list]

You are probably thinking – “Why am I reading this? My password is far more complicated than this“.
So… you think your hard-to-guess passwords are safe?
[click here to skip to the point]


Really? 2 years later and we as a collective are still in the same trap?

Some of the ignorance  comes, of course, from humility.  We all know someone whose motto is “It will never happen to me! Why in the world anyone would want to hack my stuff? I’ve got nothing of worth to steal!” I personally know someone that is convinced that her password is so simple, that nobody would suspect she is actually using it. (Sorry, Mom!) I can’t change her mind, no matter the stats. Some people just can’t respect the fact that with 6 billion people on this planet, some tricks would be too common by now…

Listen up: it is not just about you anymore.

What some people (especially those not directly involved in data security) tend to forget, that your password/profile is vulnerable not only to those who are “curious” or want to “steal your stuff”, or “spying on you” – but that there are also malicious users who may try to breach their account either in person or by using a hack of a computer program – because if they can gain access to your profile, their access to more information – including proprietary information, identity details, banking accounts, and more – it can grow exponentially once they access the system. For example, if someone gets a hold of your FTP access, they can potentially hack into other accounts that your server shares – if your provider does not take necessary precautions for security.  It may be done for purpose of identity theft, access to valuable data, or just for fun and street cred to the hacker who got in. If you live in a high-rise building, you may have no money and no possessions in your apartment, but don’t forget you may have the key to the building on your key chain – and muggers may want to get their hands on that, too…

Malicious user may not care for YOU specifically, but will make an effort to USE YOU to gain access to data that is stored on shared resources.

How to Come up with difficult-to-crack, but easy-to-remember Passwords?

If you search for term “Safe Password” or “Strong Password” , or “Hard-to-Guess password” you will find plethora of advice on the strong password combination – including replacing letters with numbers, numbers with letters, coming up with acronyms with your favorite song’s lyrics, where and how to sprinkle special characters on top, etc. Frankly, I was a big fan of coming up with passwords this way, too.  I was going to come up with some clever tips of my own, but… recently I was doing some research on the subject matter, and came across this excellent comic, that make such an elegant solution explanation, that it does not even require any further comments.

Full disclosure: I am changing some of my passwords after this fantastic visual aid from XKCD.

I announce today be a first “Change Your Password” Day.  Go ahead! You can do it!
Remembering Passwords

from XKCD New take on easy-to-remember passwords


How is your state of IT? Call Us: (855) 551-7760 with any questions.