Are you the type of user with one “universal” password across numerous accounts? Or are your passwords simple and easy to remember? If so, it may be time to revisit your password habits. For example, if you see one of your passwords on this list of the most common passwords in the world – it’s now seriously time to make changes.
You could be putting your sensitive data at risk. In 2022, individual users face an increasingly sophisticated range of cyber threats.
As Sophos’ 2022 Threat Report notes, “cybersecurity never stays still”, and this year is no different. The startling rise of Ransomware as a Service, advanced social engineering tactics, and well-disguised malware have put Windows users at heightened risk.
Your passwords are one of your key lines of defense, and an essential tool for keeping your accounts secure. Let’s take a look at what constitutes a good password and what makes for an easy target for hackers before diving into greater detail.
What makes a strong password
- Contains no personal information
- Does not include consecutive numerals or letters
- Is not a known word, such as “word” or “windows”
What makes a weak password
- Features personally-identifying information
- Includes consecutive numerals or letters
- Is a known word
- Easy to guess
Creating better passwords, your handy guide to password “rules”
Now that we’ve covered what a good password should look like, let’s take a closer look at each of the factors involved.
The National Institute of Standards and Technology (NIST) notes that length is more important than password complexity, but that doesn’t mean complexity can be cast aside.
For example, both these passwords are equally hard to crack: “password1234password0987” and “P756$gdhetsR9”.
When creating complex passwords, use a combination of:
- Upper (ABC) and lowercase (abc) letters
- Special characters such as &#$)*
- Punctuation such as periods or full stops, dashes, colons, and so on
A good password manager (more on those later) can generate secure, complex passwords for you, saving you the trouble of creating these yourself.
A word of warning if you’re a Chrome browser user: try and avoid letting Chrome suggest and save passwords for you. While these passwords may be complex, you’re likely using Chrome to log in to other accounts or services across other devices. When connected, these services you use are at risk of getting hacked if your account is compromised.
Number of characters
Research into the most common passwords reveals thatan alarming amount of them are too short. In the United States, for instance, users seem to favor “iloveyou” while in Norway, it’s “welkom.” In previous years, research showed that both “1234” and “qwerty” were among the most common passwords; both are easy to guess and are very short as well.
According to the Center for Internet Security (CIS), length is the hallmark of a good password. Statistically, passwords that consist of more than eight characters are harder to crack.
One way to achieve a good, lengthy password is to opt for a passphrase instead of a single password. For instance, “my9024became**ed‘causeEdwinadroppedit” (or along those lines). If you’re going down the passphrase route, remember mixing up a little bit and addingnumerals and special characters.
By creating a long and complex passphrase instead of a single password, you can include several regular and known words.
Top tip: Avoid known phrases in your passphrase, for example, “A stitch in time saves nine”, or titles such as “The girl on the train.”
Length and complexity are important, but so too is uniqueness. We saw that in our review of appropriate passphrases. If there’s any chance, however slim, that someone else is using your password or passphrases, switch it to something more unique.
And, of course, that means the most common passwords in use are also out. Goodbye “121212” and “qwerty123.”
Personal information is a big no-no
There’s no need to give threat actors a helping hand; they already have an arsenal of advanced technologies on their side. Thus, avoid any personal information in your passwords or passphrases.
Here are the types of information that should never be in your passwords:
- Pet and children’s names
- Birth dates
- Social security or driver’s license numbers
Keeping your passwords in order
You might be thinking to yourself: this is all well and good, but how do I keep track of these long, complex, and unique passwords? The good news is: you don’t have to.
A handy password manager such as LastPass or Dashlane can do all the heavy lifting for you. You can also take advantage of Microsoft Edge’s in-built password manager tool, but be aware that this is less secure than using a third-party add-on solution.
That rounds up our review of the key password rules for 2022. Are yours better than passable yet?