Berlin (dpa) – Some web users still don’t get passwords, adopting easy-to-crack phrases such as “123456”, “password”, “qwerty” or “baseball” to protect their computers and mobile devices, a new survey shows.
Those were some of the entries distinguished as the top 10 worst passwords of 2014 by SplashData, a security company, which checked 3.3 million compromised data sets across North America and West Europe to come up with its list.
SplashData says “qwerty” which is the top row of letters on an English keyboard or a straight sequence of numbers are passwords that are as good as useless.
It noted, with some unease, that the combination “12345” (without 6) jumped from 19th to third place last year.
There was no investigation of who uses the simple passwords, though “123456” is thought to be common among elderly, cognitively impaired or illiterate users of the web.
But some users may simply be erring out of sheer laziness.
It’s not too hard to pick a secure password – one that won’t get you mocked in next year’s list. Here are some simple guidelines:
LENGTH – Your password should be at least 12 characters long, advises Germany’s Federal Office for Information Security.
If you’re protecting a WAP or WPA2 encrypted network, seek one out that’s at least 20 characters long.
VARIETY – Use upper- and lower-case letters, special characters and numbers to reduce the likelihood of someone cracking your password.
THINGS TO AVOID – Don’t use names or birth dates of family members or established combinations of letters and numbers. Avoid a series of numbers.
In general, your password should not be a word that can be found in any dictionary.
NO EASY TRICKS – If one assumes that neither “password” or “123” are safe passwords, then there’s no reason to think “password123” is safe either.
UPDATE – No password will last forever. For security reasons, change it every few months. At the very least, change it every half year.
CAUTION – Don’t send password information via e-mail and never share one with third parties. E-mails can generally be read and captured by third parties.