Password foolishness

by Chuck Solly | .(JavaScript must be enabled to view this email address) | Culture | February 8th, 2017

I didn't think this sort of thing still happened in this day and age. Using software that a nine-year-old could use, you could extract a password like the ones listed below in a few minutes. Do people really use these passwords? Yes they do.

Top Ten Bad Passwords for 2016:

1. 123456

2. password

3 12345

4. 12345678

5. football

6. qwerty

7. 1234567890

8. 1234567

9. princess

10. 1234

The list represents bad passwords in actual use! Why do people do such silly things? Suffice it to say that they aren't paying attention.

A few years ago my friend bragged to me that he changed his main password from "password" to "passw0rd.” His thinking was that by changing the "o" to a zero that all of the bad guys would go away. No hacker could figure that out, right? His line of thinking was (and still is) wrong. It ends up that passw0rd was the 24th most used bad password according to SplashID.com”s worst passwords of 2015.

Most likely the same-password-everywhere routine can be blamed on our memory. That’s where password managers come to the rescue. The most popular brands include RoboForm, Dashlane, LastPass, KeePass, and SplashID. I have been using LastPass for several years now and I am very satisfied.

These cloud-based managers are a piece of software that reside on the manufacturer's website and store all of your internet passwords. You have one password to remember to access your account on one of these sites. They use very tight security procedures after one of them was broken into a few years back, so I assume they are pretty tough to break. I suggest you try one or more of those services and find one that you like. I use several dozen password websites every month and I could not imagine having to keep track of all of those passwords.

The next step up in online security is YubiKey. This method is becoming more widely accepted by many who feel that they need the best. It is called "Two-Factor Security” and is as close as your computer’s USB port. That’s where the Yubico key fits in. Even if someone steals your ID and password they still cannot get into your account without the physical key.

A single YubiKey has multiple functions for protecting access to your email, your apps and your physical spaces. The versatile YubiKey does not require software installation or a battery; just plug it into a USB port, and touch the button on the USB dongle for secure and strong authentication.

Yubico uses U2F, which is an open-authentication standard that enables internet users to securely access any number of online services with one single device, instantly and with no drivers or client software needed. It now works with Google, Facebook, Dropbox, LastPass and dozens of other sites and services. A single key costs about $18. This type of system is the wave of the future in my opinion.

The consequences of having the bad guys figure out your password are something that most of us don't spend a lot of time thinking about. But if you can imagine having your bank account wiped out due to your very weak passwords, you will have a significant attitude change.

RECENTLY IN

Recently in: