You have a lot of things you try to keep secure, and some of them you simply have to put in other people’s hands because you can’t do it on your own (like your website *hint hint*). However, there are some things you do have control over, and a big one is passwords. We all get to decide our unique words (or numbers or made-up gibberish) to protect our accounts, but how good is your password?

I recently read an interesting analysis of revealed passwords, with charts showing which were most common. The main thing I learned is that if your password is “123456”, change it immediately. Other common ones were “jesus”, “qwerty”, “password” and other very basic passwords.

Why Worry About Having a Secure Password?

A personal password is an important thing, and yet many of us just pick something on that first day of signing up for an e-mail account or whatever else and stick with it forever without re-examining whether it’s even a good password or not. For most of us, though, that is good enough. Most people won’t have their accounts hacked or broken into, and it’s possible that if you do, there really wasn’t much you could have done in the first place (like here, where a Trojan was designed to steal banking passwords). So what’s the point of even thinking about it? Well, it still happens — usually not in an “I’m a hacker going to steal your credit card info” way but more of an “I’m a jealous (ex-)partner and want to make sure you’re not cheating on me” type of way. And whether you are cheating or not, I doubt you want anyone going through your e-mails or anything else without your permission. (However, if you have a website you should make sure your password is secure or else spam could be the only thing your customers see — if you’re not using our services that is.)

What Makes a Secure Password?

So what constitutes a good password? As a previous link mentioned, the more characters you have, the harder it is to break, with each additional character making it quite a bit harder. Using an 11-character password might seem like a lot, but once you start using it you learn to type it pretty fast (or you’re letting your browser save it for you, in which case why not have a 20-character password). Additionally, don’t just pick the first object you see or the first thing someone says to use as a password; make it something completely random — and then throw a capital and a number in there just to be sure.

Despite all of this, though, even all of those common passwords combined made up about 4-5% of the total, so it seems that most people are using something more original than “123123”. You just want to be sure that, at the very least, your password can’t be broken by someone simply looking at a “most used passwords” list and then trying them out. That would be stupid.
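A signup-time check along these lines, as an added example that is not part of the original post: it rejects the common passwords this post names and goes a little further by also catching the same words decorated with a capital, digit or symbol, as well as plain keyboard-row runs. The function names, the `MIN_LENGTH` policy value and the sample inputs are assumptions made for illustration.

```python
import math
import string

# Common passwords named in this post. Assumption: a real deployment would
# load a much larger breached-password list instead of this short set.
COMMON = {"123456", "123456789", "123123", "jesus", "qwerty", "password"}
MIN_LENGTH = 11  # hypothetical policy value, taken from the length the post mentions
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def strip_decoration(pw):
    """Lower-case and drop leading/trailing digits and symbols,
    so 'Password1!' reduces to 'password'."""
    return pw.lower().strip(string.digits + string.punctuation)


def is_keyboard_run(pw):
    """True if the whole password is one slice of a keyboard row,
    typed left-to-right or right-to-left."""
    low = pw.lower()
    return len(low) >= 4 and any(low in row or low in row[::-1]
                                 for row in KEYBOARD_ROWS)


def search_space_bits(pw):
    """Guessing cost in bits if every character were chosen at random from
    the character classes present. Meaningless for non-random passwords."""
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def screen(pw):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    if pw.lower() in COMMON or strip_decoration(pw) in COMMON:
        reasons.append("common")
    if is_keyboard_run(pw):
        reasons.append("keyboard-run")
    if len(pw) < MIN_LENGTH:
        reasons.append("too-short")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real leak.
    for candidate in ["123456789", "Password1!", "asdfghjkl", "vK7tqzpwmrhd"]:
        print(candidate, screen(candidate), round(search_space_bits(candidate), 1))
```

The bit estimate only means something for randomly generated passwords, which is why `screen` runs the list and pattern checks rather than relying on it.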


With the recent leak of around 10,000 e-mail accounts and passwords, new statistics are already popping up about them. Rather than make a new blog post about this, I figured I might as well just add them to this one. It’s no surprise that the most common password found was “123456”, although it is a bit odd that the next highest is “123456789”, but I guess these users just decided it’s better to go across the entire row of numbers than stop somewhere randomly in between.

The most interesting thing that these statistics seem to reveal, though, is that 1) The phishing scam was targeting a particular ethnic group, and that 2) You can know that just from seeing the passwords! Frankly, if your password is good enough, no one should have the slightest clue about you — not race, ethnicity, gender and perhaps even what language you speak.

I understand that a lot of people never want to change their password once they’ve created it, but if that’s the case you should make sure it’s a high-quality password. I also know that the first moment you create a password is a critical moment, because you begin using it more and then before you know it, it’s ingrained and you’re afraid to change it because you might forget the new one. If that’s the case, I hope it works out for you, and for most of you it probably will. But there will always be a few who will wish they had updated their password, so don’t become one of them.


Acunetix developers and tech agents regularly contribute to the blog. All the Acunetix developers come with years of experience in the web security sphere.