Security Education part 2: Safe Passwords
By Dexter Duncan
Passwords are combinations of digits or keys that give access to your data. A recent Forbes article covered the worst passwords, some of which were presumably compiled from actual data “stolen” from a hacked website, 32 million passwords in all. Of the stolen passwords, the top 5000 passwords were shared by 20% of the accounts.
Studying the common passwords reveals some patterns, which any hacker could apply. Some of the examples below are humorous. However, if you or those around you are using any of the “worst” passwords, change them immediately to something more secure.
Sample Worst Passwords:
Some common patterns in passwords, which represent the “worst” passwords:
1) Straight numbers, often created by sliding your hand across adjacent keyboard numbers
- 12345678 or similar
- 987654321 or similar
- 111111, 123123 or similar pattern
2) Straight keyboard letters, created by sliding your hand across adjacent keyboard letters
3) Words from the dictionary or common names
- Michael or similar
4) Common phrases or combinations
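Patterns 1 to 3 can be checked mechanically before a password is accepted. The Python example below is added here and is not part of the original article; the keyboard rows, the tiny word list and the function names are assumptions for illustration, and stripping trailing digits goes slightly beyond the listed patterns so that a name followed by a year is also caught.

```python
import re

# Assumptions for illustration: keyboard rows and a tiny constructed word list.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COMMON_WORDS = {"michael", "mark", "password"}


def is_row_slide(p, min_len=4):
    """True if p is one slide along a keyboard row, left-to-right or reversed."""
    if len(p) < min_len:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def worst_patterns(password):
    """Return the labels of the "worst password" patterns that password matches."""
    p = password.lower()
    hits = []
    if is_row_slide(p):
        hits.append("straight numbers" if p.isdigit() else "straight keyboard letters")
    # The same chunk repeated end to end: 111111, 123123
    if re.fullmatch(r"(.+?)\1+", p):
        hits.append("repeated pattern")
    # Dictionary word or name, ignoring trailing digits (Mark1992 -> mark)
    if re.sub(r"\d+$", "", p) in COMMON_WORDS:
        hits.append("dictionary word or name")
    return hits


if __name__ == "__main__":
    # Constructed sample inputs; "qwerty" is not from the article.
    for candidate in ["12345678", "987654321", "123123", "qwerty",
                      "Michael", "Mark1992", "M1a9r9k2"]:
        print(f"{candidate:12} {worst_patterns(candidate) or 'no listed pattern'}")
```

A real deployment would replace the constructed word list with a full dictionary and a list of known leaked passwords.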
Good Password rules:
1) Passwords should be at least 8 characters long, using capital and regular letters
2) Turn a phrase into a word – “Mary had a little lamb” becomes “mhaLITTLEl”
3) Substitute 1, @, !, 3, 4, 5, $, 0 for alpha characters – “hellodolly” becomes “h3!!0d011y”
Ideally, you’d use a combination of the above, use a different password for each site and include extra numbers or &, #, ! characters. As an example, “Mary had a little lamb” becomes “mh@1!TT1E1!”
Problem with banks:
Some account websites, such as the Road and Traffic Authority (RTA) and most banks, only allow alphanumeric characters (e.g. A to Z and 0 to 9). In other words, they do not support characters such as !, & and $. The suggestion is to use number substitution, capital letters and phrases: 5 substitutes for S, 4 for A, 1 for I, 3 for E and 7 for L. “Mary had a little lamb” is now Mh47ITT737.
Other Good Passwords and Memory:
If you cannot think of a phrase or find it too difficult, another technique to create a strong password is to interleave words and numbers. For example, the password Mark1992 is a weak password, although easy to remember. To create a strong password from this weak one, you can interleave the numbers and letters to become M1a9r9k2.
If remembering passwords is a problem, there are password banks such as SplashID, which remember all your passwords in a safe space. The idea is to log into the site, and cut and paste or apply your passwords. See the secure password manager called SplashID at www.splashdata.com for an example of this.
Call your local technology partner for advice.
About the author: Dexter Duncan is a Manager at Empower IT Solutions. Contact Dexter at dd@EmpowerIT.com.au
References:
1) Forbes – 25 “worst passwords” of 2011 Revealed, by David Coursey, Nov 23, 2011
2) Imperva’s white paper, “Consumer Password Worst Practices”, www.imperva.com
See also: www.howtoanswer.com/howto/computers/how-to-create-a-strong-password