Smart Buyer

You Don’t Have the Worst Password of 2014, But You’re Still Making Password Security Mistakes

by Adam Lovinus January 20, 2015

Predictably, the annual SplashData list of worst passwords is chock full of awful password security blunders. This year we see the usual repeat offenders again—keyboard patterns like “123456” and “qwerty” at the top positions, with first names like “michael” and superheroes like “batman” and “superman” all making the top 25. If there’s any consolation, “password” is not number one this year, though it is in second place.

I would like to think our readers are sophisticated enough to avoid these passwords. Have a look at the 25 Worst Passwords of 2014—but don’t poke fun, as nearly everyone is doing something wrong with the passwords they utilize.

1. 123456 (Unchanged from 2013)
2. password (Unchanged)
3. 12345 (Up 17)
4. 12345678 (Down 1)
5. qwerty (Down 1)
6. 1234567890 (Unchanged)
7. 1234 (Up 9)
8. baseball (New)
9. dragon (New)
10. football (New)
11. 1234567 (Down 4)
12. monkey (Up 5)
13. letmein (Up 1)
14. abc123 (Down 9)
15. 111111 (Down 8)
16. mustang (New)
17. access (New)
18. shadow (Unchanged)
19. master (New)
20. michael (New)
21. superman (New)
22. 696969 (New)
23. 123123 (Down 12)
24. batman (New)
25. trustno1 (Down 1)

You have to laugh at 25. Was Agent Mulder from X-Files breached this year?

Keep in mind that these are the worst of the breached: SplashData compiles the list from 3.3 million compromised passwords, so we can safely assume most of the others aren’t as awful as the ones on the list.

Even passwords commonly thought of as “strong” are still at risk given what modern attackers can do with home-built, multi-GPU cracking rigs running tools such as Hashcat. If any of the following applies to your password habits, you’re placing yourself at risk.

Your password has fewer than eight characters. No matter the combination of special characters, capital letters, or numbers, a short password can fall victim to a brute force attack. Hackers with overclocked multiple-GPU setups are able to cycle through as many as 6.2 billion password combinations every second. That is enough to crack a password of fewer than eight characters in the course of an afternoon.

You’re using dictionary words. These are another door-opener for brute force attacks, which may simply run through the English dictionary hunting for your password.

You’re employing the same tricks as everyone else. Replacing “e” with “3,” or “i” with “1” in a password isn’t fooling today’s cracking software either, which runs through the dictionary with the commonly swapped-in numerals and symbols already applied.
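The three habits above are exactly what a sign-up or password-change form should reject before a password is ever stored. The following is an added example (not code from the article) of such a server-side check: it flags passwords shorter than eight characters, bare dictionary words, dictionary words hiding behind the usual “e → 3” / “i → 1” swaps, and anything on the 2014 list printed above. The mini-dictionary is a constructed stand-in; a real deployment would load a full wordlist.

```python
"""Server-side password policy check (added example, not the article's code).
Flags the habits the article lists: fewer than eight characters, a bare
dictionary word, a dictionary word with common leet substitutions, and any
entry from the SplashData 2014 list."""
import re

# The 25 worst passwords of 2014 as printed in the article.
WORST_2014 = {
    "123456", "password", "12345", "12345678", "qwerty", "1234567890",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
}

# Constructed mini-dictionary for the demo; load a real wordlist in practice.
DICTIONARY = {"password", "mustang", "dragon", "summer", "welcome",
              "letmein", "monkey", "secret", "shadow", "master"}

# Reverse map for the usual substitutions, so "p@ssw0rd" normalises to "password".
LEET_MAP = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

MIN_LENGTH = 8


def normalize(password):
    """Lower-case, drop trailing digits ('summer2014' -> 'summer'),
    then undo leet substitutions. Returns (base, unleeted)."""
    base = re.sub(r"\d+$", "", password.lower())
    return base, base.translate(LEET_MAP)


def check_password(password):
    """Return the list of policy problems; an empty list means it passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in WORST_2014:
        problems.append("on the 2014 worst-passwords list")
    base, unleeted = normalize(password)
    if base in DICTIONARY:
        problems.append("dictionary word (possibly with trailing digits)")
    elif unleeted in DICTIONARY:
        problems.append("dictionary word with common character substitutions")
    return problems


if __name__ == "__main__":
    for candidate in ["letmein", "P@ssw0rd", "Mustang1", "xK9#mQ2vLp"]:
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
```

The check is deliberately case-insensitive and strips trailing digits before looking the word up, since “Mustang1” is no harder to guess than “mustang” for software that appends digits automatically.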

You’re duplicating passwords on your accounts. Using a different password for each account is a simple stop-gap that can save your bank account if someone cracks your yoga studio’s database and obtains the username and password you use to log on to that site. It’s better that hackers book a fraudulent vinyasa flow class in your name than empty your main checking account.

You’re caching your password in HTML web forms. All of us have selected a browser’s “remember this password” option for a web service like LinkedIn or WordPress. On some sites, the cached username and password are then plainly visible in the page with the browser’s Inspect Element tool. Many sites have patched this flaw, but on older legacy corporate systems it may still be visible via Inspect Element.

You fail to change your passwords. A moving target is harder to hit. Keep that in mind.

Your false sense of security leaves you open to phishing attacks. Users who take all the right preventative measures when choosing their passwords are still liable to give them away. Phishing attacks are becoming more personalized and, in turn, more effective—research indicates that phishing cost businesses USD $5.9 billion in 2013. Attacks may come by way of a phony e-mail, a Lync message, or even a hacked website. For advice on thwarting these sorts of attacks, see: Vigilant Users Are the Best Malware Tools; 10 Steps for Effective Anti-Phishing Training.

You refuse to use randomly generated passwords. The consensus is that a random password consisting of letters, numerals, and special characters and 8-12 characters in length is the most secure option. The only problem is that these passwords are difficult to remember, especially if you have to use dozens of different random passwords for all your accounts. The best bet for going this route is to use password management software. There are several options to explore.

  • Steganos Password Manager is geared toward small business use.
  • Security suites, like Kaspersky 3.0 and Webroot Internet Security Plus for instance, offer password managers bundled in.
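To show what a password manager does under the hood, and why the article’s “8-12 random characters” advice holds up against the 6.2 billion guesses per second quoted earlier, here is an added example (not code from the article or from any of the products it names). It generates passwords from the operating system’s cryptographic random source and, going a step beyond the text, computes the entropy and the worst-case exhaustive-search time for each length; the 6.2 billion per second rate is the article’s figure, everything else is an assumption of this example.

```python
"""Random password generation plus a cracking-time estimate (added example).
Uses the secrets module (OS CSPRNG), never the random module, and the
article's figure of 6.2 billion guesses per second."""
import math
import secrets
import string

# Letters, numerals and special characters: 94 printable ASCII symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
# Guess rate for a multi-GPU rig quoted in the article.
GUESSES_PER_SECOND = 6.2e9


def generate_password(length=12, alphabet=ALPHABET):
    """Return a uniformly random password drawn from `alphabet`."""
    if length < 8:
        raise ValueError("random passwords should be at least 8 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy for a uniformly random password of this shape."""
    return length * math.log2(alphabet_size)


def seconds_to_exhaust(length, alphabet_size=len(ALPHABET),
                       rate=GUESSES_PER_SECOND):
    """Worst-case time to try every password in the keyspace."""
    return alphabet_size ** length / rate


def human_time(seconds):
    """Render a number of seconds in a unit a reader can relate to."""
    for unit, size in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


if __name__ == "__main__":
    print("sample:", generate_password(12))
    for length in (6, 7, 8, 10, 12):
        print(f"{length:2d} chars: {entropy_bits(length):5.1f} bits, "
              f"exhaustive search {human_time(seconds_to_exhaust(length))}")
```

Running the table is the whole point: seven characters from the full 94-symbol set fall in about three hours at that rate (the article’s “afternoon”), eight characters take days, and twelve characters push the worst case into the millions of years. Six digits, as in “123456”, are gone in a fraction of a second, which is why the list above is really a list of passwords that were never in the running.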

Just because you’re not using “logmein” for a logon password doesn’t mean you or your users can let your guard down. The number one rule about password security is that you can never be too careful.

Adam Lovinus


A tech writer and Raspberry Pi enthusiast from Orange County, California.


6 comments

migwans42 January 22, 2015 - 12:45 pm

I prefer using an obscure language, like Klingonese…(no, that isn’t the one I use, so don’t look for the Klingon dictionary, hackers!)

Adam Lovinus January 22, 2015 - 12:56 pm

Mine are in Dothraki.

Public Wi-Fi Security Tips - HardBoiled April 29, 2015 - 11:55 am

[…] You’re Making Password Security Mistakes […]

Achieve Two Factor Authentication Using Only Your Brain Waves - HardBoiled November 16, 2015 - 4:11 pm

[…] are lousy means of protecting sensitive data largely because users have the tendency to choose laughably bad passwords. Even having a great password does not offer total security either; WIRED writer Mat Honan tells […]

Robert November 21, 2016 - 8:53 pm

Full of wrong.

NIST recently released a draft paper on password security that is exactly what many of us have been saying for years.

Random passwords, rotated regularly, are an infosec disaster.

There is a finite limit to how many random digits a person can remember.

And a password manager is a pretty lame solution for a host of reasons.

Fact is, show me an org that enforces that practice, and I’ll show you a facility I can walk through flipping keyboards and harvesting passwords.

What makes a lot more sense is pass phrases.

But you have to allow enough characters to allow free form password composition.

For run of the mill passwords, I suggest my users simply pick out three objects and munge them together.

For more secure passwords, they may need to add words and use substitutions and odd characters.

We also enforce 2-factor in our systems.

It’s not that hard to remember:

ToDaywhenIcreatedthispasswordwasacrappydayindeed

than it is to remember some random string.

It doesn’t need to be written anywhere, and doesn’t require a password manager.

It should never have to be changed unless there is reason to believe it’s been compromised.

I have about two dozen like that.

None are written or stored anywhere outside my head.

Adam Lovinus November 22, 2016 - 4:24 am

How about hollermountain4ever and dontshipthecoldbrew for the Stumptown domain?

That’s a good look on the 2016 NIST paper, thanks for pointing that out.
https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

I like the change in direction since this article was published, particularly:
* No forced PW updates for users
* Allowance of more characters for phrase-style PWs
* and wow, Emoji support

… with that, time to update this article.
