How important is it to have secure passwords?
Earlier this year, Keeper Security wrote an article about the most common passwords used in 2016. The list showed that many people are still using very weak passwords that would easily be cracked in seconds or minutes by any mildly competent hacker.
Some of the most popular passwords were:
which seems to show that many people do not consider that the security of their online accounts is important.
What makes a secure password?
A secure password should be unique, meaning that it is not re-used across many services, is at least 10 characters long and made of a random selection of upper and lower case letters, numbers and special characters.
Let me explain why...
One of the first things a hacker might do if he/she gets hold of a password is to try to log in to other online services in the hope that the password has been re-used. This means that if you have used the same password for Facebook, Twitter, Amazon and an online shop and this password is compromised, the hacker will probably have access to all your online accounts.
You may think that it is OK to re-use a password if that password is very secure, but what if one of the online services you are using has been hacked into and the database stolen? If the online service has used weak encryption or perhaps no encryption at all, the password could be recovered by the hacker and used to log in to other services where you have re-used it.
This is why passwords should be unique.
Studies have shown that a complex password that is short is more vulnerable than a very long password that is made of a string of memorable words. For example, something like 'H4#f6d' is less secure than the password 'logseacheeseexplainleaves'. The reason for that is 'entropy', a measure of the number of possibilities a system can have: the longer the password, the more possible permutations exist and therefore the more secure it is.
The third most important aspect is randomness, as any password that follows a pattern is going to be easier to crack. For example, some people believe that something like 'qwertyuiop' is a very strong password. Unfortunately, it would be very easily cracked as it follows a pattern on the keyboard that hackers know might be used. Other patterns might be numbers in increasing or decreasing order, or strings where a number or symbol resembling a letter has been used instead of that letter, for example an exclamation mark used instead of the letter 'I'.
Never use anything that might be connected to you such as names, locations, dates or any words that might be found in a dictionary, unless you choose a very long password made of a string of unconnected words.
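The rules above can be turned into a small checker. The following Python sketch is an added example, not code from the original article: the word list, the look-alike table, the 94-symbol keyboard and the 7776-word passphrase list are all assumptions chosen for illustration, and the entropy figures only hold if every character or word was picked at random.

```python
import math
import string

# Constructed sample data: a real checker would load a full wordlist
# and a list of breached passwords instead of these few entries.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine"}
SEQUENCES = ["0123456789", "1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Look-alike substitutions, such as '!' standing in for the letter 'i'.
LEET = str.maketrans({"!": "i", "1": "l", "0": "o", "3": "e",
                      "4": "a", "@": "a", "5": "s", "$": "s", "7": "t"})
# Letters, digits and punctuation on a US keyboard: 94 symbols.
PRINTABLE = len(string.ascii_letters + string.digits + string.punctuation)
DICEWARE_WORDS = 7776  # assumed wordlist size for a random passphrase


def entropy_bits(length, pool_size):
    """Entropy in bits when each of `length` symbols is drawn uniformly
    at random from `pool_size` possibilities."""
    return length * math.log2(pool_size)


def has_sequence(password, run=4):
    """True if `run` neighbouring keys or digits appear in order,
    forwards or backwards (for example 'qwer', '1234' or '9876')."""
    lowered = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in lowered for i in range(len(s) - run + 1)):
                return True
    return False


def weaknesses(password):
    """Return which of the article's rules the password breaks."""
    found = []
    if len(password) < 10:
        found.append("shorter than 10 characters")
    if has_sequence(password):
        found.append("keyboard or number sequence")
    if password.lower().translate(LEET) in COMMON_WORDS:
        found.append("dictionary word (look-alike characters undone)")
    return found


if __name__ == "__main__":
    for pw in ("H4#f6d", "qwertyuiop", "p@ssw0rd", "logseacheeseexplainleaves"):
        print(pw, weaknesses(pw) or "no rule broken")
    print(round(entropy_bits(6, PRINTABLE), 1), "bits: 6 random characters")
    print(round(entropy_bits(5, DICEWARE_WORDS), 1), "bits: 5 random words")
```

Six random keyboard characters come to roughly 39 bits, while five random words from the assumed list come to roughly 65 bits, which is the length effect described above.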
The best passwords are therefore going to be those that are unique and combine length with random characters. I can already hear you telling me that it is not practical and that you will never be able to remember them. I agree, and this is why you should use a password manager like Roboform or LastPass: then you will only need to remember one very strong password and all the others will be stored securely in the application.
Most password managers will be able to generate random secure passwords automatically for you, which means you do not even have to spend time making one up whenever you register on a new site.