Please don’t use an easily guessable password!


Please don’t use an easily guessable password! Every time I read about hackers and their often-successful attempts to gain access to darn near everything, I think about the tale of The Club: a dark night, a street lined with expensive cars, some of them with The Club attached to the steering wheel, some without. A thief is strolling along with his Slim Jim looking for a quick and easy boost. He sees the cars that are outfitted with The Club and passes by, but grabs the best-looking car on the street that doesn’t have one, simply because there are so many other easy targets and he doesn’t have to work as hard. Not that The Club would stop a really determined thief; a hacksaw makes quick work of it!

So think of your ubiquitous password – it’s sort of like The Club. Not a showstopper for a really determined hacker, but having a decent password is way better than having a poor one. Hackers will simply go for the low-hanging fruit on the internet – people with online accounts that are poorly secured with easy-to-guess passwords. And apologies to celebrities who’ve had their Apple accounts hacked and embarrassing photos posted, but the problem is primarily with lousy passwords. These days, hackers have sophisticated tools to try out thousands of passwords every second – a ‘brute-force’ attack that renders many people’s online security useless. So what do you do?

I have two tasks for you today:

  1. Use really good passwords: 13 or more random characters, including upper-case letters, lower-case letters, numbers and other typeable characters (the ones on your keyboard that you type with the Shift key plus a number or other key).
  2. Use a good password manager app.


To make things easy, let’s skip right to #2, since that’ll also take care of #1: hire yourself a good password manager. There are a lot of them out there, but we feel only two of them are ready for prime-time use. Comparing those two, we choose to recommend LastPass (the other being 1Password). The reason is that they both do a great job, but LastPass will cost you less in the long run. LastPass is free for computer use, and $12 US per year for use on a mobile device. 1Password appears to have a one-time cost of $70 US for Mac/Windows and while you can get the smartphone/tablet app for free, there’s an in-app purchase requirement. And most importantly, when you buy 1Password, you only get a year’s worth of updates. You’ll have to buy the new versions as they come out, and you never want to use old versions of software that’s as important for your security as a password manager!

So with LastPass, there is a yearly cost of $12 (purchase it on their website by choosing the “Go Premium” option) to be able to use it on your smartphone, as well as to unlock the full functionality of LastPass. At any time before or after that purchase, go ahead and install LastPass on every computer, tablet and smartphone you have. For computers, it’ll install an extension or plug-in to your web browser, which is how you’ll use it. For tablets and smartphones, install the app from either the Apple App Store or Google Play Store.

As part of this process, you’ll create an account with LastPass, which consists of a username and password. This password is the ‘last password you’ll ever need’, since it unlocks LastPass to allow you to use all the other passwords you’ll save in the password manager. Be sure to make this a good password:

Use really good passwords: 13 or more random characters, including upper-case letters, lower-case letters, numbers and other typeable characters (the ones on your keyboard that you type with the Shift key plus a number or other key).

Personally, I’d choose a password that’s at least 18 characters long, and create it by making up a sentence that you can memorize. Each word of the sentence translates to one or two characters of the password (a mnemonic). Here’s an example:

“Many people really hate it when you take two things and combine them to make something else.”

This becomes “Mprh8iwyt2t&ct2mse”
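The sentence-to-passcode step above is mechanical enough to write down as code. This is an added example, not something from the post or from LastPass: it takes the first letter of each word (keeping its case) and applies the word substitutions that the post’s own example implies (“hate” to “h8”, “two” and “to” to “2”, “and” to “&”); the two extra substitutions for “for” and “at” are my assumption, not the post’s.

```python
import re

# Word-to-character substitutions. The first four are read off the post's
# own example; "for" -> "4" and "at" -> "@" are assumed extras.
SUBSTITUTIONS = {
    "hate": "h8",
    "two": "2",
    "to": "2",
    "and": "&",
    "for": "4",   # assumption
    "at": "@",    # assumption
}

def mnemonic(sentence: str) -> str:
    """Turn a memorable sentence into the passcode it encodes.

    Each word contributes its first letter, case preserved, unless the
    word has an entry in SUBSTITUTIONS, in which case that entry is used.
    Punctuation is ignored.
    """
    pieces = []
    for word in re.findall(r"[A-Za-z']+", sentence):
        pieces.append(SUBSTITUTIONS.get(word.lower(), word[0]))
    return "".join(pieces)

if __name__ == "__main__":
    # Constructed input: the post's own example sentence.
    example = ("Many people really hate it when you take two things "
               "and combine them to make something else.")
    print(mnemonic(example))
```

The function is deterministic on purpose: if you can remember the sentence and the handful of substitutions you use, you can always rebuild the passcode, which is the whole point of a mnemonic. Use your own sentence, not the post’s example.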


Of course, please make up your own sentence! It’s best if it’s personal to you, and you certainly won’t use that passcode anywhere else. You’ll memorize it and never write it down nor tell anyone that passcode! Don’t worry, you won’t have to use it very often: your web browser can automatically log you into LastPass on your computer, and your smartphone can remember it for you too! Personally, what I really like about LastPass and my iPhone 6 is that my fingerprint also unlocks the LastPass app anytime I need to look up a password (like when I’m using someone else’s computer). LastPass also works within your smartphone’s browser.

This method means you only need to create and remember one super-secret mnemonic passcode. That’s the passcode to your password manager, which keeps track of the hundreds of other passwords you’ll use on websites, email accounts, etc.

Now, when you install LastPass on a computer, it will offer to import all the usernames and passwords that your web browser (Internet Explorer, Safari, Google Chrome, Mozilla Firefox, Opera, or whatever) already knows. Be sure to say yes to this option; it’ll save you a lot of time later on.

From now on, whenever you go to an online destination that has a login feature, LastPass will offer to fill it in for you (if it’s someplace you’ve been before), or offer to generate a new and complex password for you (if this is your first time at that website). You don’t need to keep track of that complicated password, LastPass does it for you. And finally, you can make it an ongoing project to change your existing passwords from whatever you were using before, to a new, LastPass-generated password by visiting the website’s password reset feature.

With complex passwords and a good password manager, your digital life has way better protection than The Club did for those cars on the street. But nothing is foolproof, and the hackers out there are highly motivated, well-funded, and working hard to discover new ways to crack into everybody’s private stuff. Your best defense is to keep up with the times – and we’ll help you: As we discover new and better security methods we’ll post them and help keep you up-to-date on what you need to do to keep safe online.

Now if all this sounds too daunting, let me give you a little background. Our thanks to Duo Security for compiling a list of the 250 most-used (and therefore least secure) passwords. OK, I cut out the common passwords that aren’t polite to use in public, but you can consider those commonly used as well. You may want to peruse the list below: if you use any of these as a password, you should change it immediately!

123456, 000000, 123, 1111, 1234, 12345, 111111, 112233, 121212, 123123, 123321, 159753, 222222, 654321, 666666, 675309, 696969, 1234567, 7777777, 8888888, 11111111, 11235813, 12345678, 123abc, 123qwe, 1q2w3e, 1q2w3e4r, 1qaz2wsx, aaaaaa, abc123, abcd1234, adidas, alexande, amanda, andrew, anthony, apples, asdf, asdf1234, asdfasdf, asdfgh, asdfghjk, ashley, austin, babygirl, bailey, banana, bandit, baseball, basketba, batman, biteme, blahblah, blink182, booboo, booger, boomer, boston, brandon, brooklyn, bubbles, buster, butterfl, calvin, charlie, cheese, chelsea, chester, chicago, chicken, chocolat, cocacola, coffee, compaq, computer, consumer, cookie, coolness, corvette, creative, dakota, dallas, daniel, danielle, darkness, deadspin, december, diamond, dragon, drowssap, eagles, elephant, elizabet, ferrari, flower, fluffy, foobar, football, freedom, gateway, gawker, george, ginger, gizmodo, gizmodo1, godzilla, goober, google, guitar, gundam, hahaha, hannah, hello, hello123, Highlife, hockey, hunter, iloveyou, internet, jackass, jackson, jasmine, jasper, jennifer, jessica, jezebel, jonathan, jordan, joseph, joshua, justin, killer, kotaku, lauren, letmein, liverpoo, london, love, madison, maggie, martin, master, matrix, matthew, maverick, maxwell, mercedes, merlin, metallic, michael, michelle, mickey, midnight, monkey, monkey12, monster, morgan, muffin, murphy, mustang, naruto, nicholas, nicole, nintendo, nirvana, nothing, november, oliver, orange, passw0rd, password, Password, patrick, peanut, penguin, pepper, phoenix, pineappl, please, pokemon, pookie, poop, poopoo, popcorn, princess, pumpkin, purple, q1w2e3r4, qazwsx, qwerty, qwerty12, qwertyui, rachel, redsox, remember, rosebud, samantha, sample12, scooby, scooter, secret, shadow, silver, simpsons, slipknot, smokey, snickers, snoopy, snowball, soccer, somethin, sophie, sparky, spider, spiderma, startrek, starwars, steelers, stupid, summer, sunshine, superman, swordfis, taylor, tennis, test, thomas, thunder, thx1138, tigger, trustno1, tucker, turtle, valleywa, voodoo, welcome, whatever, whocares, william, winston, wordpass, yankees, yellow, zxcvbnm

I should mention that passwords and passcodes are case-sensitive, meaning that a capital letter is different from a lower-case letter. And it may be hard to tell in the above list, but the number 0 and the lower-case letter o look almost identical. Same with the number 1 and the lower-case letter l, and there are other similarities. Just be careful; once you’ve typed your passcode a dozen times or so, it’ll start to come easier and faster.

And finally, hackers are now using computers with banks of graphics cards installed that let them try thousands of passwords in seconds to hack your online accounts. Within minutes, they can crack into about 80% of all online accounts, just by using lists like the above. Just wait till they get quantum computing; that’s a real game-changer, and we’ll all have to come up with a better strategy for securing our digital lives!
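To make the three points above concrete (the 13-character rule, the common-password list, the 0/o and 1/l look-alikes, and the cost of a brute-force search), here is a small password checker. It is an added example, not code from the post, from Duo Security or from LastPass. The blocklist is a constructed subset of the list quoted above; a real deployment would load the full list. The look-alike folding of 0/o and 1/l comes from the post, the other substitutions in the table are my assumption, and the guess rate passed to `seconds_to_exhaust` is a parameter, not a claim about any particular hardware.

```python
import string

# Constructed subset of the common-password list quoted in the post.
COMMON_PASSWORDS = {
    "123456", "password", "Password", "passw0rd", "qwerty", "letmein",
    "trustno1", "iloveyou", "monkey", "dragon", "abc123", "1q2w3e4r",
    "drowssap", "wordpass", "welcome", "hello123", "monkey12",
}

# The post notes that 0 looks like o and 1 looks like l. Folding those
# (plus a few other swaps, an assumption here) before the lookup means
# "Passw0rd" or "PASSWORD" is still caught as "password".
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "@": "a", "$": "s"})

def normalize(password: str) -> str:
    """Case-fold and collapse look-alike characters for blocklist matching."""
    return password.lower().translate(LOOKALIKES)

_NORMALIZED_COMMON = {normalize(p) for p in COMMON_PASSWORDS}

def is_common(password: str) -> bool:
    """True if the password is a (lightly disguised) entry from the list."""
    return normalize(password) in _NORMALIZED_COMMON

def char_classes(password: str) -> set:
    """Which of the four character classes from the post's rule are present."""
    classes = set()
    for ch in password:
        if ch.isupper():
            classes.add("upper")
        elif ch.islower():
            classes.add("lower")
        elif ch.isdigit():
            classes.add("digit")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes

def check_password(password: str, min_len: int = 13) -> list:
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    missing = {"upper", "lower", "digit", "symbol"} - char_classes(password)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if is_common(password):
        problems.append("appears on the common-password list")
    return problems

# Alphabet size each class adds (string.punctuation holds 32 symbols).
CLASS_SIZE = {"upper": 26, "lower": 26, "digit": 10,
              "symbol": len(string.punctuation)}

def keyspace(password: str) -> int:
    """Candidates a brute-force search must cover, assuming the attacker
    knows only the length and which character classes were used."""
    alphabet = sum(CLASS_SIZE[c] for c in char_classes(password))
    return alphabet ** len(password)

def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try the whole keyspace at a given guess rate."""
    return keyspace(password) / guesses_per_second

if __name__ == "__main__":
    rate = 1e9  # assumed guess rate for illustration, not a measured figure
    for candidate in ("Passw0rd", "Wr0ng&Short", "Mprh8iwyt2t&ct2mse"):
        print(candidate, check_password(candidate) or "OK",
              f"{seconds_to_exhaust(candidate, rate):.3g} s worst case")
```

Two things the numbers show that the prose only asserts: a blocklisted password has an effective keyspace of one guess no matter how many character classes it uses, because the attacker tries the list first; and each extra character multiplies the worst-case search by the alphabet size, which is why length matters more than any single symbol.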



