How safe is your password? Do you have a schedule for changing your passwords? Have you thought about WHO thinks so much about passwords?
Lorrie Faith Cranor is an Associate Professor of Computer Science at Carnegie Mellon University, and she's been thinking about passwords a lot. In this TED Talk, she shares the interesting results of studying thousands of passwords.
If you're still using "welcome" or "12345678" as your password, perhaps this is inspiration to make a change. SplashData, a security app producer based in Los Gatos, California, publishes a yearly list of the top 25 worst passwords. Is yours on the latest list?
- 123456
- password
- 12345678
- qwerty
- abc123
- 123456789
- 111111
- 1234567
- iloveyou
- adobe123
- 123123
- admin
- 1234567890
- letmein
- photoshop
- 1234
- monkey
- shadow
- sunshine
- 12345
- password1
- princess
- azerty
- trustno1
- 000000
So, how do you create a stellar password? Doug Aamoth is a tech writer for the Times, and he shares his best advice for passwords HERE.
Do you have a method or recipe for creating your passwords? Are you guilty of recycling your passwords? What's your best advice for remembering your passwords and/or creating a strong password?
None of my passwords are in the top 25, but I still anxiously wait for fingerprint reading technology to replace passwords forever.
None of my passwords are in the top 25, either. They are all secure, but then I've had to write them down! So how secure is that?!
For whatever it’s worth, for years now I have been using the web site
https://identitysafe.norton.com/password-generator/
to create passwords. I typically use it to generate twenty to fifty password options and then I view the list to find one or more possibilities that I can break into ‘chunks’, or memorable units. For instance, I would break ‘PedR2Pustu’ into three units: the chunks “Ped” and “Pustu” are at least phonetically memorable and the middle chunk, “R2” is a no-brainer for anyone familiar with “Star Wars”.
Now, if I could just remember where I put my keys . . . .
Thankfully none of my passwords were in the top 25, but I do re-use a root word for many of my passwords. I also have had to write them down - there are so many to remember! I appreciate websites/programs requiring intensive passwords, but with so many to remember, it just makes it difficult and frustrating. I'm with Lonnie and waiting for something better to come out. Until then, I will be trying to keep track of all my passwords! Thanks for sharing!
Like many others, mine didn't make the top 25, but I definitely repeat them, and I have to write them down/keep track of them if I don't have the same one for every site, which is fine, but a pain and not very secure either. I should create a schedule for changing them, maybe adding a pattern for added help remembering them. I know I should do it... and yet I haven't done it yet. Why is that??
I have to say I'm impressed by their creative research attempts to get access to people's password habits. The prevalence of symbols like "!" and "@" also surprised me at first, but not at all in hindsight. I loathe requirements that passwords include mandatory numerals, capitals, and symbols -- such requirements actually drastically cut a hacker's time to guess your password by restricting the search space. It's a great instance of something that's great advice, but becomes a liability when made mandatory.
I feel like we are asked to change our passwords more often which prevents us from using the same password to do our shopping, banking, and gaming. This still doesn't answer the question as to how do we remember all those passwords? The 2 minute video had a suggestion but I know for me I would have to really work on that and remember just the rules given. I use the same password with slight variations but then have to write them down. For me a necessary evil but I'm not sure of an alternative.
I admit, I use ! a lot! And I write down my passwords! And I'm constantly changing my passwords, where I have to send an email and wait for a reply so I can change it, because I can never remember my passwords. It's very frustrating!
Chris, I am in your boat---I just keep changing my passwords, often it seems. I am OK with the ones I use every day but the occasional websites almost always find me requesting a new password. I am not sure if this works to confuse the hackers or make their lives easier. I do have a method for creating passwords that seems pretty effective---at least it confuses my family, especially my husband, every time I share one with them---it involves substituting numeric characters for letters in relatively common phrases, song lyrics, etc. I am not sure of its ultimate effectiveness, but for now so far so good;-)
Lisa left out the best tidbits of advice she gave me once in passing when we were in the computer lab: she tends to have one password that is more dominant for personal things (e.g., bank, Pinterest, etc.) and another more dominant in professional things (e.g., twitter acct, moodle, etc.). I've always done that. The other thing she reminded me? Most password places "lock" you out after five attempts. So I learned from her to generate and interchange five passwords for sites. I usually hit it before I have to call and unlock my password or change it (AGAIN!). The grasshopper is learning...
Just in the past year I have started using a password keeper program/extension called LastPass that stores and enters my passwords on websites. It's nice to use but my partner hates when it automatically fills in my information for sites she wants to visit. Even though that irritation caused me to disable it on our home computer, it is still nice to have one place where all of my passwords are kept.
One of my goals of using LastPass was to be able to create different passwords for each account. Except I don't. I still use a very similar password that I have simply just added to when I've been required to change or lengthen them.
I use the same couple of passwords over and over again. Those passwords are not on the Top 25 list, but it's probably not a good idea to use the same ones!
I like the idea of programs like LastPass that Tom mentioned. Is that kind of thing safe? My computer can remember passwords, too . . . isn't that the same thing?
Like Lonnie, I'm waiting for fingerprint recognition or retina scan security!
I use one "simple" password for sites where I really don't care if someone figured it out (checking my children's grades; access to Chronicle articles....). I use more complex ones --that all differ--for ones where financial information is held. I have to write down something--so I write down reminders to what the password is--without writing the entire thing down--less secure than writing down nothing, I know.
None in the top 25 so that is good. I do tend to reformulate several that I use (change a character or two). Hate it when I change a password then find out it affects another site or app. I'm with Lonnie, fingerprint or retina scan will work just fine.