
Security Education part 2:  Safe Passwords

By Dexter Duncan

Passwords are combinations of digits or keys that give access to your data. A recent Forbes article covered the worst passwords, some of which were presumably compiled from actual data “stolen” from a hacked website, covering 32 million passwords. Of the stolen passwords, the top 5000 were shared by 20% of the accounts.

From studying the common passwords, some patterns emerge, which any hacker could apply. Some of the examples below are humorous. However, if you or those around you are using any of the “worst” passwords, change them immediately to something more secure.

Sample Worst Passwords:

Some common patterns in passwords, which represent the “worst” passwords:

1) Straight numbers, often created by sliding your hand along adjacent keyboard numbers

  1. 12345678 or similar
  2. 987654321 or similar
  3. 111111, 123123 or similar pattern

2) Straight keyboard letters, created by sliding your hand across adjacent keyboard letters

  1. qwerty
  2. asdfgh
  3. zxcvbnm
  4. qazxsw

3) Words from the dictionary or common names

  1. dragon
  2. monkey
  3. baseball
  4. cricket
  5. master
  6. sunshine
  7. princess
  8. Michael or similar
  9. password
  10. superman

4) Common phrases or combinations

  1. trustno1
  2. iloveyou
  3. rockyou
  4. letmein
  5. abc123
  6. babygirl
  7. lovely
  8. admin
  9. tom1990
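The four pattern groups above can be screened for when a user chooses a password. The following is an added example, not part of the original article: `weak_reasons` and `is_keyboard_walk` are hypothetical names, the word sets are built from the article's own lists, and a QWERTY layout is assumed. An empty result only means none of these patterns matched.

```python
import re

# QWERTY rows; a key's (row, column) lets us test whether two keys touch.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Entries copied from the article's lists; a real deployment would load a
# much larger list of known-bad passwords (assumption, not from the article).
DICTIONARY = {"dragon", "monkey", "baseball", "cricket", "master",
              "sunshine", "princess", "michael", "password", "superman"}
PHRASES = {"trustno1", "iloveyou", "rockyou", "letmein", "abc123",
           "babygirl", "lovely", "admin"}


def is_keyboard_walk(pw):
    """True if every key is the same as, or adjacent to, the previous key."""
    pos = [KEY_POS.get(ch) for ch in pw]
    if len(pw) < 4 or None in pos:
        return False
    return all(abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1
               for a, b in zip(pos, pos[1:]))


def weak_reasons(password):
    """Return the article's weak-password patterns that `password` matches."""
    pw = password.lower()
    reasons = []
    if re.fullmatch(r"(.+?)\1+", pw):             # 111111, 123123
        reasons.append("repeated pattern")
    if is_keyboard_walk(pw):                      # 12345678, qwerty, qazxsw
        reasons.append("straight numbers" if pw.isdigit() else "keyboard letters")
    if pw in DICTIONARY:                          # dragon, Michael
        reasons.append("dictionary word or name")
    if pw in PHRASES:                             # letmein, abc123
        reasons.append("common phrase")
    if re.fullmatch(r"[a-z]+(19|20)\d\d", pw):    # tom1990
        reasons.append("name plus year")
    return reasons


if __name__ == "__main__":
    # Sample inputs taken from the article's lists and examples.
    for sample in ["12345678", "123123", "qazxsw", "Michael", "tom1990", "M1a9r9k2"]:
        print(sample, weak_reasons(sample))
```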

Good Password rules:

1) Passwords should be at least 8 characters long, using capital and regular letters

2) Turn a phrase into a word – “Mary had a little lamb” becomes “mhaLITTLEl”

3) Substitute 1, @, !, 3, 4, 5, $, 0 for alpha characters – “hellodolly” becomes “h3!!0d011y”

Ideally, you’d use a combination of the above, use a different password for each site and include extra numbers or &, #, ! characters. As an example, “Mary had a little lamb” becomes “mh@1!TT1E1!”

Problem with banks:

Some account websites, such as the Road and Traffic Authority (RTA) and most banks, only allow alphanumeric characters (e.g. A to Z and 0 to 9). In other words, they do not support characters such as !, & and $. The suggestion is to use number substitution, capital letters and phrases: 5 substitutes for S, 4 for A, 1 for I, 3 for E and 7 for L. “Mary had a little lamb” is now Mh47ITT737.

Other Good Passwords and Memory:

If you cannot think of a phrase or find it too difficult, another technique to create a strong password is to interleave words and numbers. For example, the password Mark1992 is a weak password, although easy to remember. To create a strong password from this weak one, you can interleave the numbers and letters to become M1a9r9k2.

If remembering passwords is a problem, there are password banks such as SplashID, which “remembers all your passwords in a safe space”. The idea is to log into the site, and cut and paste or apply your passwords. See the secure password manager called SplashID at www.splashdata.com for an example of this.

Call your local technology partner for advice.

See our website for more:

www.EmpowerIT.com.au

or

www.EmpowerCS.com.au

About the author: Dexter Duncan is a Manager at Empower IT Solutions. Contact Dexter at dd@EmpowerIT.com.au

References:

1) Forbes – “25 ‘worst passwords’ of 2011 Revealed”, by David Coursey, Nov 23, 2011

2) Imperva white paper, “Consumer Password Worst Practices”, www.imperva.com

See also: www.howtoanswer.com/howto/computers/how-to-create-a-strong-password
