Make time for password security
123456.
It may be the simplest — and easiest to guess — string of characters. And yet, one out of every 142 passwords uses this exact sequence, a careless and unnecessary mistake that people should take the time to avoid.
Every time a company is hacked, troves of information are inevitably leaked online. Billions of login credentials to a wide variety of websites — banks, medical services, social networks — are currently available in various corners of the web.
Ata Hakcil, a Turkish computer engineer and researcher, took 1 billion of the logins leaked online and analyzed the nearly 170 million passwords included to study password security. The results were disheartening.
More than 7 million people used “123456,” while the equally lazy “123456789” and “password” were not far behind. These predictable patterns appear frequently throughout the 100 most common passwords compiled by Mr. Hakcil.
The research identified a number of other patterns that make guessing passwords a breeze for determined hackers.
For instance, the average password is far too short. Cybersecurity experts recommend at least 16 characters, and preferably 24 or more, yet the average password contains just nine characters.
What’s more, those characters are extremely predictable. Twenty-nine percent of passwords use only letters and 13% use only numbers, meaning 42% of passwords use characters susceptible to a “dictionary attack” — a rudimentary hacking technique that pulls possible passwords from dictionaries or previous data breaches.
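The weaknesses described above (short length, a single character class, and use of the most common strings) can be checked mechanically, for instance when a site accepts a new password. The following Python code is an added example, not part of the original article or Mr. Hakcil's research; the function names, the three-entry common list and the sample passwords are assumptions constructed for illustration.

```python
import string
from statistics import mean

# The three passwords the article names as most common. A real deployment
# would load a full breached-password list instead (assumption).
COMMON = {"123456", "123456789", "password"}
MIN_LENGTH = 16  # minimum length the article says experts recommend

def classify(pw: str) -> str:
    """Return the character-set category used in the article's breakdown."""
    if pw and all(c in string.ascii_letters for c in pw):
        return "letters-only"
    if pw and all(c in string.digits for c in pw):
        return "digits-only"
    return "mixed"

def audit(pw: str) -> list[str]:
    """List the weaknesses from the article that this password exhibits."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("appears in common-password list")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    kind = classify(pw)
    if kind != "mixed":
        problems.append(f"{kind}: single character class")
    return problems

def summarize(passwords: list[str]) -> dict:
    """Compute the same kind of corpus statistics the article reports."""
    n = len(passwords)
    kinds = [classify(p) for p in passwords]
    return {
        "average_length": mean(len(p) for p in passwords),
        "letters_only_pct": 100 * kinds.count("letters-only") / n,
        "digits_only_pct": 100 * kinds.count("digits-only") / n,
        "common_pct": 100 * sum(p.lower() in COMMON for p in passwords) / n,
    }

# Constructed sample corpus, not data from the study.
SAMPLE = ["123456", "password", "sunshine", "Tr0ub4dor&3",
          "k#9Lq!vR2m@Zp7Xw$eT4", "123456789", "letmein1", "qwertyuiop"]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r:26} {audit(pw) or 'ok'}")
    print(summarize(SAMPLE))
```

Only the 20-character mixed password in the constructed sample passes all three checks; every other entry fails at least the length test.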
Fortunately, beefing up one’s password security requires just a little effort and can have a profound impact on personal security.
There is a wealth of tools — paid or free — that will generate lengthy passwords, using special characters and other unusual strings to reduce the risk of the password being sniffed out by a hacking program. Many of these programs will store the passwords for you; for additional security, old-fashioned pen and paper can do the trick.
People should also refrain from using the same password on multiple sites whenever possible. Using one password makes it easy for a bad actor to gain access to a person’s entire life.
Passwords should also be changed frequently. Cybersecurity expert recommendations range from every 30 days to every 90 days. This may seem like a hassle — most people would prefer to set a password and forget about it. But financial and medical companies are often targeted by hackers, meaning that people’s most sensitive information could be at risk. Taking a few minutes every few months to change a password is a small price to pay for some security.
People are justifiably concerned about data collection and privacy invasions by corporations or governments. But before even concerning oneself with those complex and multilayered issues, setting a sensible password is the most direct and personally impactful way to secure a measure of digital security and privacy.