- by Chad, "Dream", Weaver
It has finally come to the time where I can no longer stay silent on this topic: the Gawker hack. I am not even really concerned with the hack itself; that has been covered enough in the news. Nor even that there were users using the same password at multiple sites. I can say that I use a different password at every site that I use, but I do this for a living and can understand that using secure passwords for every site can become harder to manage. That isn’t the cause for this rant; today I saw something much, much more disconcerting, something that shocked me to the very core of my IT-support-loving self. Today I saw the most common passwords that were in use by large numbers of users, and it was shocking.
Before I go into the specifics: there was a similar breach of users’ information from the service Rockyou.com, where the most common passwords in use were revealed. Now, considering how public this information was, you would think we would learn from our mistakes. How wrong I was, how utterly wrong I was. One of the number one passwords that were in use at Rockyou was 123456. Can you guess what’s up there on this list too? If you are reading this and you are using this password anywhere, please, I beg of you - change it right now. You can finish reading this in a couple of minutes, please! OK, enough pleading; drum roll, please.
- password (No caps)
- passw0rd (Seriously, not any better; you are not fooling anyone)
- 123456 (Any combination of keys in a row is not secure)
- qwerty (This is no better than 123456)
- lifehack (lifehacker.com was one of the included hacked sites)
- letmein (I love this one)
- monkey (Any word found in the dictionary shouldn’t even be considered and adding the #1 to the end doesn’t cut it either)
- cheese (same as above but so quirky I had to mention it, plus I do love cheese just not for a password)
- 11111 (This isn’t even trying)
My comments may seem a little harsh, but this isn’t 1999, when the internet was a novelty invented by Al Gore. Our lives are run on there now; our bills are paid there, and information you would want no one else to ever have access to, but desire at your fingertips, is there. Passwords like the ones above are like leaving the keys in the car with the window open and the engine running. Now, when you come back the car might still be there, but do this enough and some day you will come back to find that car gone. And just like in the car analogy, it could have been prevented had you taken some simple steps, perhaps removing the keys from the ignition and locking the car door. It is the same for password security. I know it is hard to keep all of your passwords straight, but there is no excuse for these kinds of passwords, none.
One of the easiest ways to come up with a secure password is to use a phrase, something that means something only to you, and to mix it up securely, making an airtight password. Some things to consider: if it’s a word in the dictionary, just don’t use it, ever; adding a number or 2 on the end of it doesn’t count either. Think up a phrase like "I have a large brown dog his name is rex". I just made that up, but for example it could be used to make a password like 1H@lBdhnIR!. This is a secure password: while meaning something to the creator, it is near impossible to break through any means. There are even different services that can do all this for you. One website to consider is Lastpass.com; it helps keep a password list for you on their secure website. You will still need one secure master password to access your info. It also includes browser add-ons that can enter the passwords for you.
It is something to check out if you have trouble with keeping it all straight. Trigon prides itself on being a secure company and we help our clients do the same. Be sure to contact us if you would like a hand.
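The rules in this post (nothing from the list above, no keys in a row, no dictionary word with a digit or a swapped letter) can be checked mechanically when a password is chosen. The following is an added example, not part of the original post; the small `WORDS` set is a constructed stand-in for a real dictionary file, and the function names are hypothetical.

```python
import re

# Passwords the post lists as most common (taken from the page).
COMMON = {"password", "passw0rd", "123456", "qwerty", "lifehack",
          "letmein", "monkey", "cheese", "11111"}
# Constructed stand-in for a real dictionary file (assumption).
WORDS = {"password", "monkey", "cheese", "dragon", "welcome", "sunshine"}
# Keyboard rows, covering "any combination of keys in a row".
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common look-alike substitutions, undone before the dictionary check.
LEET = str.maketrans("0134@5$7", "oieaasst")


def is_key_run(pw: str) -> bool:
    """True if pw is a run along one keyboard row, forwards or backwards."""
    return len(pw) >= 4 and any(pw in row or pw in row[::-1] for row in ROWS)


def weaknesses(password: str) -> list[str]:
    """Return the reasons, per the post's rules, to reject this password."""
    pw = password.lower()
    found = []
    if pw in COMMON:
        found.append("on the common-password list")
    if len(set(pw)) == 1:
        found.append("single repeated character")
    if is_key_run(pw):
        found.append("keys in a row")
    # Drop trailing digits/symbols and undo substitutions, so that
    # "monkey1" and "passw0rd" reduce to their dictionary word.
    core = re.sub(r"[\d\W_]+$", "", pw).translate(LEET)
    if core in WORDS:
        found.append("dictionary word with trivial changes")
    return found


if __name__ == "__main__":
    for candidate in ["passw0rd", "monkey1", "123456", "11111", "1H@lBdhnIR!"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'no listed weakness'}")
```

An empty result only means none of these patterns matched; the phrase-derived example passes here, but a password printed in a public post should never be reused as-is.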