Top 10 worst, but most used passwords revealed


Researchers in the UK have revealed the top 10 worst but most used passwords on the Internet, and if your password is on that list, you need to change it right now, urges an expert at Lancaster University.

According to a paper co-authored by Dr Jeff Yan, an expert at Lancaster University, ‘123456’, ‘password’, ‘welcome’, ‘ninja’, ‘abc123’, ‘123456789’, ‘12345678’, ‘sunshine’, ‘princess’, and ‘qwerty’ are the top 10 passwords used on the internet, and they are the worst when it comes to protecting your accounts. According to Dr Yan, a lack of awareness of online security risks could be one of the major reasons why people continue using such passwords to protect their online assets, or at least their email accounts. The experts created the latest list of the top 10 worst and most used passwords using the leaked Yahoo database.

The research team included researchers from Peking and Fujian Normal universities in China alongside those from Lancaster University. For the research, they created algorithms that guess passwords on the assumption that attackers have access to different kinds of personal information. The algorithms they developed were quite accurate, able to guess passwords for 73 per cent of ordinary users’ accounts. Their capability didn’t end there, as they were able to guess fairly complex passwords in 100 guesses.

Password choice matters a lot
There are several ways in which you can secure your digital data, but passwords are the most commonly used form of authentication because of the simplicity with which they can be implemented. However, there is a major inherent flaw in password-based authentication: the level of security offered by this method is entirely dependent on the complexity of the password that the user sets. With more and more passwords to remember, it is natural for users to either use simple passwords, use the same password for multiple services, or, in the worst case, use one simple password for all the online services they access.

This effectively means that password choice matters the most when it comes to securing your online assets. The first and foremost factor to consider is that a password should be difficult to guess. If you select something that is personally related to you, chances are that it won’t take long for a hacker to guess it based on the information about you that is available online. Names of pets and children, favourite places including restaurants, dates of birth, etc. are a big no-no if you really want to set a complex and unguessable password.

Choose something that only you know, mix it up with special characters and numbers, and make sure you have at least 10 characters in your password. What you will have at your disposal is a password that is fairly complex and possibly not available in the online dictionaries used by hackers to carry out brute force attacks.
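A signup-time check that applies the advice above, as an added example that is not part of the original article: it flags passwords built on the top 10 list, shorter than 10 characters, lacking letters, numbers or special characters, or containing the user's personal details. The function names, the substitution table and the sample profile are assumptions of this example.

```python
import re

# The top 10 list exactly as quoted in the article.
TOP_10 = ["123456", "password", "welcome", "ninja", "abc123",
          "123456789", "12345678", "sunshine", "princess", "qwerty"]
MIN_LENGTH = 10  # minimum length recommended in the article

# Assumption of this example: undo common character substitutions so that
# "P@ssw0rd" is still recognised as "password".
SUBSTITUTIONS = str.maketrans("01345@$!", "oieasasi")

# Constructed sample profile: details an attacker could find online.
SAMPLE_PROFILE = {"name": "Maria Hollis", "pet": "Biscuit",
                  "birth_date": "1987-04-12"}


def normalise(text):
    """Lower-case the text and reverse simple look-alike substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def personal_tokens(profile):
    """Split profile values into tokens of 3+ characters for comparison."""
    tokens = set()
    for value in profile.values():
        for part in re.split(r"[^A-Za-z0-9]+", value):
            if len(part) >= 3:
                tokens.add(normalise(part))
    return tokens


def check_password(password, profile):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    norm = normalise(password)
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if any(normalise(common) in norm for common in TOP_10):
        problems.append("built on a top-10 password")
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("needs letters, numbers and special characters")
    if any(token in norm for token in personal_tokens(profile)):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Sunsh1ne!2024", "Biscuit#1987x", "tR7#vqLm2&xW"):
        print(candidate, "->", check_password(candidate, SAMPLE_PROFILE) or "ok")
```

Both sides of every comparison are normalised, so a top 10 word or a pet's name is still caught when it is dressed up with digits and symbols.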

This is just for one service though, your mail account for example. The problem starts when it comes to setting complex passwords for multiple services. Not everyone is great at remembering a whole bunch of passwords, and that’s when laziness creeps in: you start setting simple passwords again, or jot them down on a piece of paper, only for it to be picked up by a colleague, a family member or the janitor working late hours in the office. Refrain from this practice, as it is one of the worst mistakes that you can make as far as password-based security is concerned.

What you may do is jot down 5 words/phrases/sets of characters that you will never forget. Make the phrases alphanumeric, with a dash of special characters in between, and you will have multiple passwords that are complex and not guessable. Use iterations of these passwords for your different online accounts.