Weak Passwords

How to Avoid Creating Weak Passwords

You have likely heard that using strong passwords is an integral part of protecting a company’s data. But do you know what makes a password strong or weak? To find out, here is a quick weak passwords quiz:

Take a look at the list of passwords below. (The quotes are not part of the passwords.) Which of the following are strong passwords?

  • “football”
  • “123456”
  • “qwertyuiop”
  • “passw0rd”
  • “1qaz2ws”

The answer is none of them. In fact, all these passwords were on SplashData’s “Worst Passwords of 2015” list. Knowing why these passwords are weak can help you avoid making the same mistakes when you create your own passwords.

Why they are weak passwords.

“football” (No. 7 on the Worst Passwords List)

The password “football” is weak on several fronts. First, it includes only lowercase letters instead of a mix of uppercase and lowercase letters. Further, it is a word that you can find in a dictionary. Cybercriminals often use software that systematically tries every word in a dictionary as a password. This is known as a dictionary attack.

Besides not using words in the dictionary as passwords, you should not use proper nouns or foreign words. You should also steer clear of creating passwords that incorporate business or personal information. For example, do not use a password based on when and where you started your business, or an activity you enjoy. It is easy for cybercriminals to obtain business and personal information on social networks, such as LinkedIn and Facebook.

“123456” (No. 1 on the Worst Passwords List)

What is wrong with using a password like “123456”? To begin, it is too short. The shorter the password, the easier it is to crack. More important, it incorrectly uses numbers. Passwords should contain numbers but not in obvious strings (e.g., “7777777”). Cybercriminals often try entering strings of numbers before launching the more time-consuming dictionary attacks.

“qwertyuiop” (No. 22 on the Worst Passwords List)

While the length of “qwertyuiop” is adequate (10 characters long), this password does not include any numbers or uppercase letters. What is worse is that this password is common, as it is the top row of letters on a computer keyboard. Cybercriminals know which passwords are popular, so they will try them first.

“passw0rd” (No. 24 on the Worst Passwords List)

This password contains both letters and a number, which is good. However, it does not contain any uppercase letters and it is commonly used. It is not as popular as “password”, though, which is No. 2 on the worst passwords list.

“1qaz2wsx” (No. 15 on the Worst Passwords List)

At first, “1qaz2wsx” might look like it is a strong password, but it is not. Besides containing only lowercase letters, it is a well-known password among cybercriminals. On a computer keyboard, it is the first two columns of keys containing numbers and letters.

Guidelines for Creating Strong Passwords

When creating a password, follow these guidelines:

  • Think of a long, random password that is hard to guess. At the minimum, the length should be eight characters — the longer, the better.
  • Use numbers but not in a predictable pattern.
  • Use uppercase and lowercase letters.
  • Use special characters (e.g., percent sign, exclamation point, dollar sign) when possible.

An example of a strong password is “8%&KY4&$XzwMhfrk”. On an average computer, it would take a cybercriminal more than 10,000 centuries to crack this password using a brute-force password-cracking tool, according to Kaspersky Lab. These tools try every possible character combination as a password. Even on the world’s fastest supercomputer, Tianhe-2, it would take a cybercriminal a year to crack “8%&KY4&$XzwMhfrk”. In contrast, it would take a cybercriminal one second to crack “passw0rd”, “qwertyuiop”, “football”, and “123456” on a home computer. Cracking “1qaz2wsx” would take 33 seconds.

As part of your free security evaluation, Multi IT can help you determine whether your organisation’s passwords are adequate. If you are having trouble creating strong passwords, please feel free to ask Multi IT & Telephony Solutions for a password manager that you can use. Password managers automatically create strong passwords and securely store them for you. Our Managed Service customers enjoy the benefit of all their passwords being secure and securely stored and managed, giving them peace of mind and world class security. Contact us today to discuss your requirements.

Leave a Reply

Your email address will not be published.