What! You’re Still Using 123456?

Rob Garratt
Authentic Discourse
Feb 25, 2015

Unbelievable. SplashData, a Los Gatos, CA web security company, released its annual list of the “Worst Passwords” this week. “123456” and “password” continue to hold the top two spots in its 2014 report, a list generated from more than 3.3 million passwords that were leaked during the year, mostly from users in North America and Western Europe. Other bad passwords were various easily guessable combinations of letters and numbers, such as 123abc and 123123, and simple words such as “access” and “qwerty”.

Of course, most of us have numerous online accounts that we access with varying degrees of regularity, and keeping track of the details is not easy. I have about 50 myself, ranging from the regularly accessed accounts for Facebook, Amazon, eBay, Twitter, financial, education and healthcare sites, through to the infrequently accessed ones such as the Sears Parts Store. Using a common, easy-to-remember password is very tempting, but it does put you at risk of having your account compromised if someone tries to break in.

I have always tried to use what I considered to be reasonably strong passwords. At first I kept track of them in a paper notebook, and then later in an encrypted file so that I could record password updates more easily, and also copy and paste from the file when I logged in to an account. Still, it was a chore to think up passwords and record them in the file. So about two years ago I started to use the LastPass password manager. LastPass is one of a number of password managers that are available. Others include Roboform, Dashlane, Norton Identity Safe, and SplashID from SplashData, the authors of the “Worst Passwords” report. LastPass works by storing your account details online, protected by a single hard-to-crack password. The application can then generate random, unique passwords for all of your individual accounts, and provide the convenience of automatic logon. Depending on the individual password manager application, there may be other convenience features too. For instance, LastPass has a smartphone app version, I can keep secure notes in it, and I can even securely share username and password details on select accounts with family members. Of course there is still that nagging concern about storing passwords online (what if the LastPass servers get hacked, and the encryption for my secure data gets broken?). For that reason I still don’t keep my financial account logins and passwords in LastPass yet.

And, of course, protecting your accounts with strong passwords is only part of the overall solution when it comes to being secure online. There are other things, such as malware, viruses, and trojans, that can compromise your security. Keep your computer’s operating system, internet browsers and applications updated with the latest security patches. Make sure you run firewall and virus protection. When using open Wi-Fi in a public place, there is always the possibility that someone could be monitoring the data flowing between your device and a website. If you log on to an online account that doesn’t use an encrypted connection (encrypted connections have an address that begins with https://), your username and password can be easily captured, no matter how obscure they are.

So come on. If you are someone who is still using “123456”, or “password” or some other guessable password, or you are using the same password across multiple accounts, then do yourself a favor and make your online presence more secure. Choose a solution that works best for you, be it a password manager application, a securely held paper record, or another approach. Don’t continue to put your accounts at risk. You can’t control whether or not a hacker breaks into a company’s network at the server level, but you do have the control, and the responsibility, to make your individual account hard to break into.
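
As an added illustration (not part of the original article and not any password manager's own code), this Python example flags the guessable passwords named above and any password reused across accounts, then replaces them with random, unique ones. The site names, sample passwords and function names are constructed for the example; a real password manager would keep this data encrypted rather than in a plain dictionary.

```python
import secrets
import string
from collections import defaultdict

# Guessable passwords named in the article (from SplashData's 2014 list).
WORST = {"123456", "password", "123abc", "123123", "access", "qwerty"}
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*-_"

def audit(accounts):
    """Return {site: [reasons]} for accounts with guessable or reused passwords."""
    by_password = defaultdict(list)
    for site, pw in accounts.items():
        by_password[pw].append(site)
    findings = defaultdict(list)
    for pw, sites in by_password.items():
        for site in sites:
            if pw.lower() in WORST:  # case changes do not make it stronger
                findings[site].append("on worst-passwords list")
            if len(sites) > 1:
                others = sorted(s for s in sites if s != site)
                findings[site].append("reused on " + ", ".join(others))
    return dict(findings)

def generate(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    if length < 4:
        raise ValueError("length must be at least 4")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw) and any(not c.isalnum() for c in pw)):
            return pw

def rotate(accounts):
    """Give every flagged account a fresh password not used anywhere else."""
    fixed, used = dict(accounts), set(accounts.values())
    for site in audit(accounts):
        pw = generate()
        while pw in used:
            pw = generate()
        used.add(pw)
        fixed[site] = pw
    return fixed

# Constructed sample data, not real accounts.
SAMPLE = {"shop.example": "123456", "mail.example": "Qwerty",
          "bank.example": "t7#Vq9!mLx2@", "forum.example": "t7#Vq9!mLx2@",
          "news.example": "k3&Zp8*rWd5^Hn"}

if __name__ == "__main__":
    for site, reasons in sorted(audit(SAMPLE).items()):
        print(site, "->", "; ".join(reasons))
```

Note that the bank and forum passwords in the sample look strong on their own and are flagged only because they are shared, which is the case a worst-passwords list alone would miss.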

Works Cited

SplashData, Inc. (2015, January 20). “123456” Maintains the Top Spot on SplashData’s Annual “Worst Passwords” List. Retrieved January 24, 2015, from http://splashdata.com/press/worst-passwords-of-2014.htm
