I’ve been using my dog’s name as my password and my colleague was really sarcastic about how dumb that was. Okay, what makes a good password, Dave?
Your dog’s name, your child’s name, an easy-to-enter pattern on a keyboard: all of those are indeed poor passwords, even though you may think “how could a bad guy know the name of my dog?” The problem is that it’s not some unkempt hacker in their mom’s basement trying to figure out your password; it’s a software program with access to a huge dictionary of not just the English language but also common names, variations, reversed words, and more.
In fact, a company called SplashData analyzed passwords from millions of accounts by digging through hacked and then released datasets from big companies. And out of those millions of accounts, the most common password they found was “123456”. So on the bright side, at least your dog’s name is harder to guess than that!
Also in the top ten are “password”, “12345”, “12345678”, “qwerty”, “123456789”, “1234”, “baseball”, “dragon” and “football”. You can read the entire list if you’d like; it’s quite interesting, actually.
But let’s talk about passwords. Go to change your password on your Windows 10 system, for example, and it prompts you as usual:
Certainly that key icon fills me with confidence. I mean keys, padlocks, security, right? But click on “Change” and once you’ve validated your own account, it’s clear that there’s not much guidance from Microsoft on how to pick a good password:
Try to enter a bad account password – like my attempt with “1234” – and rather than just accept it, Windows 10 will complain and offer some suggestions:
On the Mac side, it’s a similar sort of thing:
But see that tiny key icon on the Mac window? Click on it and up pops one of the least known features of Mac OS X, the Password Assistant:
It’s quite a neat feature and makes it really easy to quickly generate a strong, impossible-to-guess password that you still have some chance of remembering. In the above you can see it’s suggesting a good quality password of “Verne33!awol”, which meets all the best-practice rules for passwords.
And what are those rules? Here’s what you should aim to have with every password:
- Upper and lower case letters
- One or more digits
- Punctuation symbols
Longer passwords are always more secure too, so instead of aiming for the minimum length, try something a few characters longer.
If your dog is named Bailey, for example, then “H1Bailey!!” would be a good, simple, easy to remember password that’s still difficult to guess or crack. Not too difficult, and that’ll get your colleague off your back about passwords!
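As an added example (not part of the original article), here is a short Python check of a candidate password against the three rules above plus the dictionary guesses described earlier: common passwords, names, names with digits appended, and reversed words. The name list and the minimum length of 8 are assumptions made for illustration.

```python
import string

# Top-ten list quoted in the article (SplashData analysis).
COMMON = {"123456", "password", "12345", "12345678", "qwerty",
          "123456789", "1234", "baseball", "dragon", "football"}

# Constructed stand-in for the name dictionary a guessing program carries.
NAMES = {"bailey", "dave", "max", "bella"}

MIN_LENGTH = 8  # assumed site minimum; the article gives no number


def dictionary_hit(password):
    """Return why a dictionary-driven guesser would find this password, or None."""
    folded = password.lower()
    if folded in COMMON:
        return "on the most-common list"
    # Variation: a word with digits tacked on the end ("Bailey1", "dragon99").
    core = folded.rstrip(string.digits)
    for candidate, label in ((core, "dictionary word"),
                             (core[::-1], "reversed dictionary word")):
        if candidate in NAMES or candidate in COMMON:
            return label
    return None


def check(password):
    """Return a list of problems; an empty list means every rule is met."""
    problems = []
    hit = dictionary_hit(password)
    if hit:
        problems.append(hit)
    if len(password) <= MIN_LENGTH:
        problems.append("not longer than the minimum length")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        problems.append("needs upper and lower case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs one or more digits")
    if not any(c in string.punctuation for c in password):
        problems.append("needs punctuation symbols")
    return problems


if __name__ == "__main__":
    for pw in ("1234", "Bailey", "yeliaB", "Bailey1", "H1Bailey!!", "Verne33!awol"):
        print(pw, "->", check(pw) or "meets the rules")
```

An empty result means only that the rules listed above are met and that the password is not a direct hit in the word lists supplied.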
In my case I use a program called Dashlane. So far so good. That little program generates strong passwords.
There are so many free password managers available for download, it is a shame that everyone does not have a strong password. All password managers will generate secure passwords of any length you choose and store them in a secure database. KeePass and Access Manager are two that I have used for years. When using a password manager, you only have to remember one strong password to access the database and the others are then available immediately. Managers also assure that you can have a completely different password for every online account, thus keeping other accounts safe if one is successfully attacked.
When I entered a password similar to the one I actually use, on an online resolver that calculated how strong a password was, it advised me that it would take 150 centuries to crack it. I used upper & lower case letters, numbers, special characters and used a word that has a silent letter and left that letter out. My passwords are so complicated that I actually have a file folder, under lock & key, that contains all my accounts, logins, passwords and security questions. Also, my spouse and I are the only ones on our computer.
I’m to the point where I really hate passwords. Maybe because I fall into the dog name category. Hate when I’m given rules for password length and content. Sure I’m careful with my banking password but if a web site doesn’t have my credit card or other vital info about me (DOB, SSN, etc.), who cares?