Most popular (and wrong) passwords
An average Internet citizen will have a Facebook, a Twitter, and probably a Pinterest or LinkedIn account, and then there is your Gmail, Yahoo mail, your Internet banking ID, your favourite forum account, and the list goes on.
It turns out that most of us choose a common password for every site. What is the implication? Well, if somebody gains leverage on one of your accounts.
It's true that the human brain can only process and memorize a certain amount of data, and that's why people tend to choose passwords that are easy to remember. And it's wrong, totally WRONG!
Here are the worst and unfortunately most popular 25 passwords in 2012:
Rank | Password | Change from 2011 |
1 | password | Unchanged |
2 | 123456 | Unchanged |
3 | 12345678 | Unchanged |
4 | abc123 | Up 1 |
5 | qwerty | Down 1 |
6 | monkey | Unchanged |
7 | letmein | Up 1 |
8 | dragon | Up 2 |
9 | 111111 | Up 3 |
10 | baseball | Up 1 |
11 | iloveyou | Up 2 |
12 | trustno1 | Down 3 |
13 | 1234567 | Down 6 |
14 | sunshine | Up 1 |
15 | master | Down 1 |
16 | 123123 | Up 4 |
17 | welcome | New |
18 | shadow | Up 1 |
19 | ashley | Down 3 |
20 | football | Up 5 |
21 | jesus | New |
22 | michael | Up 2 |
23 | ninja | New |
24 | mustang | New |
25 | password1 | New |
Is your password in the list? If so, read on for my suggestions.
So, how to set a password wisely?
The suggestions below are based entirely on my personal experience and I shall not bear any responsibility. OK, I am done with the disclaimer, and if you're still here, let's move on:
1. Separate your important accounts from unimportant ones.
For me, I'll set a separate password for my junk accounts (forums, secondary Facebook account, Yahoo mail - sorry Yahoo, your spam filter doesn't work!).
For important accounts such as credit card, Paypal, Amazon or anything banking-related, I'll pick a different and much longer password.
That way, at least the chance of getting my credit card hacked is reduced by 50%.
2. Set your password long & complex enough for hackers
Every password can be cracked by brute force given enough time. According to the calculation at this page, at a brute-force speed of 1B guesses/second (cluster servers, a supercomputing node, or a botnet):
- It'll be a matter of minutes or hours to crack if your password is picked from alphanumeric values only.
- But it'll take 83.5 days to crack if your password includes all possible characters, which are:
0123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <SP>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
Password Length | Combinations | Class of Attack | | | | | |
2 | 9,216 | Instant | Instant | Instant | Instant | Instant | Instant |
3 | 884,736 | 88½ Secs | 9 Secs | Instant | Instant | Instant | Instant |
4 | 85 Million | 2¼ Hours | 14 Mins | 1½ Mins | 8½ Secs | Instant | Instant |
5 | 8 Billion | 9½ Days | 22½ Hours | 2¼ Hours | 13½ Mins | 1¼ Mins | 8 Secs |
6 | 782 Billion | 2½ Years | 90 Days | 9 Days | 22 Hours | 2 Hours | 13 Mins |
7 | 75 Trillion | 238 Years | 24 Years | 2½ Years | 87 Days | 8½ Days | 20 Hours |
8 | 7.2 Quadrillion | 22,875 Years | 2,287 Years | 229 Years | 23 Years | 2¼ Years | 83½ Days |
83.5 days on a supercomputing node to crack an 8-character password? So let's make your password AT LEAST 8 CHARACTERS LONG!
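The arithmetic behind the table, combined with a check against the common-password list, as an added example that is not from the original post. COMMON is a constructed subset of the 2012 list above, the function names are hypothetical, and ASCII-only passwords are assumed.

```python
import string

# Constructed sample: a handful of entries from the 2012 list above.
COMMON = {"password", "123456", "12345678", "abc123", "qwerty",
          "letmein", "trustno1", "iloveyou", "password1"}
RATE = 1_000_000_000  # guesses per second, the figure used in the text

# Character classes and the number of symbols each adds to the search pool.
# These sum to 95; the table's counts are powers of 96 (9,216 = 96 ** 2).
CLASSES = [
    (string.digits, 10),
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.punctuation + " ", 33),
]

def brute_force_seconds(pool, length, rate=RATE):
    """Worst-case time to try every string of `length` over `pool` symbols."""
    return pool ** length / rate

def pool_size(password):
    """Smallest pool that covers the character classes the password uses."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def assess(password):
    """Return (verdict, worst-case seconds to exhaust the keyspace)."""
    if password.lower() in COMMON:
        # A wordlist attack tries these first, so length does not help.
        return ("common", 0.0)
    secs = brute_force_seconds(pool_size(password), len(password))
    # 8 characters is the minimum length recommended in the text.
    return ("short" if len(password) < 8 else "ok", secs)

def human(secs):
    """Format a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600))
    for unit, span in units:
        if secs >= span:
            return f"{secs / span:.1f} {unit}"
    return f"{secs:.1f} seconds"

if __name__ == "__main__":
    print("8 chars, 96 symbols:", human(brute_force_seconds(96, 8)))
    for pw in ("password1", "abc12", "k3tchup!", "Tr1cky #Horse 42"):
        verdict, secs = assess(pw)
        print(f"{pw!r:20} {verdict:7} {human(secs)}")
```

Note that `password1` is nine characters long and still fails: a list lookup costs the attacker nothing, so the brute-force estimate only applies to passwords that are not on a wordlist.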
3. But how to make it memorable to you?
“Memorable” is a very subjective term and relies heavily on your personal preferences, so I will introduce only a few techniques from Wikihow. Find out which one suits you most!
How to store my password securely
Most importantly: do NOT write it down and keep it somewhere. You will probably spend more time trying to find where you stored that piece of paper.
Instead, with the popularity of today's smartphones, make use of yours: http://www.tomsguide.com/us/pictures-story/662-3-best-mobile-password-managers.html
My personal favourite is LastPass. I only wish that they would implement fingerprint authentication so that I can use it more safely on the iPhone 5S.
So that's it. I hope you find your own way to create secure and memorable passwords, folks!
Last but not least, even if you come up with the most difficult passwords to crack, you're still prone to “social engineering”!