Update June 15, 2013:
I stand by what I wrote here but please read as well my article "Passwords - The Latest".
I stumbled over an interesting web site maintained by security consultant Mark Burnett. Mark writes extensively about passwords and other computer security related issues.
What intrigued me is the utter ignorance some people show when selecting passwords. Take a look at this little table with the arbitrarily chosen top 18 entries out of the millions of passwords Mark has analyzed.
The first column lists the password as actually used and the second column how often it appeared in the analyzed sample. The **** obscures a foul four-letter word.
| Password | Occurrences |
|----------|-------------|
| password | 32027 |
| 123456 | 25969 |
| 12345678 | 8667 |
| 1234 | 5786 |
| Qwerty | 5455 |
| 12345 | 4523 |
| Dragon | 4321 |
| P**** | 3945 |
| Baseball | 3739 |
| football | 3682 |
| letmein | 3536 |
| monkey | 3487 |
| 696969 | 3345 |
| abc123 | 3310 |
| mustang | 3289 |
| michael | 3249 |
| shadow | 3209 |
| master | 3182 |

What I want to emphasize are a couple of facts that by now ought to be common sense knowledge of anybody who uses the Internet:
- Never use any word that could be in any dictionary as a password.
  Consider as well dictionaries of nicknames, pet names and common acronyms!
- Don't use obvious sequences or repetitions.
- Make your passwords long enough. I consider 10 to 12 characters the minimum.
- CAPITALIZE some of the letters.
- Use one or two numbers.
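The five rules above written as a checker, as an added example that is not part of the original post. The word list holds only the readable entries of the table (a real check would load full dictionaries), and the keyboard rows and the run length of 4 are assumptions.

```python
import re

# The readable entries of the table above, lowercased (the obscured "P****"
# is left out). Assumption: a real check would load full wordlists instead.
COMMON = {"password", "123456", "12345678", "1234", "qwerty", "12345",
          "dragon", "baseball", "football", "letmein", "monkey", "696969",
          "abc123", "mustang", "michael", "shadow", "master"}

# Rows scanned for obvious runs (assumption: digits, alphabet, US keyboard rows).
ROWS = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LEN = 10   # lower bound of the 10 to 12 characters given above
RUN = 4        # assumption: a run of 4 or more characters counts as "obvious"


def has_sequence(pw, run=RUN):
    """True if pw contains `run` consecutive characters of a row, in either direction."""
    low = pw.lower()
    for row in ROWS:
        for line in (row, row[::-1]):
            for i in range(len(line) - run + 1):
                if line[i:i + run] in low:
                    return True
    return False


def has_repetition(pw):
    """True for one character repeated 3+ times or a 2-3 character chunk repeated 3+ times."""
    return re.search(r"(.)\1{2,}|(.{2,3})\2{2,}", pw.lower()) is not None


def check_password(pw, words=COMMON):
    """Return the rules from the list above that pw breaks (empty list = passes)."""
    problems = []
    # Strip digits and symbols so "Dragon1" is still recognised as "dragon".
    letters = re.sub(r"[^a-z]", "", pw.lower())
    if pw.lower() in words or letters in words:
        problems.append("dictionary word")
    if has_sequence(pw) or has_repetition(pw):
        problems.append("sequence or repetition")
    if len(pw) < MIN_LEN:
        problems.append("too short")
    if not (re.search(r"[A-Z]", pw) and re.search(r"[a-z]", pw)):
        problems.append("no mixed case")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    return problems
```

Appending a digit to a listed word does not help: `check_password("Dragon1")` still reports the dictionary word.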
The former article has become even more important after Yahoo admitted that just recently one of their services was hacked and 450,000 passwords were posted on a publicly accessible web site!
On a side note: For years I have advised my customers to drop their Yahoo email accounts; seems this was and is reasonable advice.
As usual I welcome comments and suggestions right here in the blog. Thank you in advance.