Weak Passwords Can Jeopardize Your Personal And Professional Security [Infographic]

A weak password can put your blog, social media profiles, and personal data at risk

Are your passwords strong? Better yet…are they weak? Do you know the difference?

I know, I know…passwords are a pain.

They’re hard to remember, sites and social networks keep making you change them, and don’t even get me started on the process you have to go through to reset them.

It would just be better if we could all use 1234 as our passwords, right? Probably not…

Especially as social media sites grow more and more popular and we continue to share highly personal information on them, the strength of our passwords is going to become more and more important.

So let’s talk a little bit about passwords and security.

High Risk – When Your Password Is Weak And Limp

Typically, a password is defined as “weak” when it only contains a series of lower-case letters and is especially weak when it contains a commonly used word like “love”.

Weak passwords are easily cracked because hackers can use what is referred to as a dictionary attack, which repeatedly submits your username along with passwords taken from words found in the common dictionary. If you use a word that you can find in Merriam-Webster…your password is weak and you’re begging to have your account hacked.

SplashData, a security firm that analyzes security breaches worldwide, does an annual review of the worst weak passwords. Some of my favorite worst passwords include:

  • password (yes…people still use this)
  • qwerty
  • 123456789 (not really a tough one to crack)
  • letmein
  • admin (especially great if your username is “admin”)
  • abc123 (the Jackson Five might be justified in using this one)
  • 121212
  • 123123 (only slightly more creative than the previous one)

Many sites won’t even allow you to use a weak password, but there are still some that do. But don’t.

Weak passwords are for Spaceballs.

Instead, protect yourself and update that password to something better.


Capitalization Makes It A Little Better…But Still At Risk

You now understand that a simple dictionary password is a high risk. So would it solve the problem if you just capitalized the L in “Love”?

Not really.

The password is still in the dictionary, and the hacker-bots have smartened up: they now run a plain dictionary attack first and then follow it with dictionary attacks that try different capitalizations.

Sure, it takes longer, but your personal information is worth it to them.

For comparison, if you type “love” into the Password Strength Meter at www.my1login.com, you’ll see that it would take a good hacker less than 1 second to crack your password.

Using love as your password would take a hacker less than a second to crack

Adding a capital L to the mix doesn’t really make any difference. Because the password is only 4 characters, is a dictionary word, and doesn’t contain any special characters, it’s just a cakewalk for a hacker to crack.

Even Love with a capital L is a bad idea for a password

So what’s the first step in creating a stronger password?

Medium Strength – Fighting Back With Numbers

Yep, that’s right…fight those hackers by adding a few numbers.

But be sure that they aren’t sequential. “Love1234” isn’t really a great password.

Love1234 uses capitalization and numbers, but is still a weak password

Adding numbers helped, but Love1234 could still be cracked by a good hacker in under a second.

So, to strengthen your password even further, start by using non-sequential numbers and add more of them. As you can see below, “Love243570” is moving in the right direction.

Adding non-sequential numbers to your password can strengthen it

We’re up to an hour in crack time, but that’s still a weak password.

Getting Stronger! – Adding Special Characters To The Mix

Want to make your password just a little more special and ready to resist those nasty hackers? Give it some extra-special ooomph by simply adding a special character. Something like % or & or @ makes a big difference in keeping your information safe.

You can even substitute the letter S with the $ or the letter a with @ to make it easier to use.

As an example, let’s take our Love243570 password and replace the “v” with a right caret (which looks like this: >).

Adding special characters can really strengthen your password

There we go! A strong password that will take a hacker 3 years to crack. Now we’re in the neighborhood of stronger passwords!

Guess what…according to the Microsoft guidelines on passwords, you just created a strong password. Congrats!!
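The steps above (capitalization, appended numbers, look-alike characters) can be checked the way a sign-up form might check them. The following is an added example, not part of the original post: the `audit` function, its deny list, its substitution table and the 10-character minimum are all assumptions made for illustration.

```python
import re

# Constructed deny list: the worst passwords quoted above plus the post's
# example word "love". A real check would load a much larger list.
COMMON = {"password", "qwerty", "123456789", "letmein", "admin",
          "abc123", "121212", "123123", "love"}

# Look-alike substitutions undone before the lookup (assumed, not exhaustive).
UNLEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "i", "3": "e"})

DIGITS = "0123456789"


def has_sequence(pw, run=4):
    """True if pw contains `run` ascending or descending consecutive digits."""
    for i in range(len(pw) - run + 1):
        chunk = pw[i:i + run]
        if chunk in DIGITS or chunk in DIGITS[::-1]:
            return True
    return False


def audit(pw, min_len=10):
    """Return the list of weaknesses found; an empty list means none fired."""
    findings = []
    if len(pw) < min_len:  # min_len is an assumed threshold
        findings.append("too short")
    lowered = pw.lower()  # capitalization does not hide the base word
    core = re.sub(r"[\d\W_]+$", "", lowered)  # drop trailing digits/symbols
    candidates = {lowered, core,
                  lowered.translate(UNLEET), core.translate(UNLEET)}
    if candidates & COMMON:
        findings.append("based on a common word")
    if has_sequence(pw):
        findings.append("sequential digits")
    return findings


if __name__ == "__main__":
    for pw in ["love", "Love", "Love1234", "Love243570",
               "P@$$w0rd", "Lo>e243570"]:
        print(f"{pw!r}: {audit(pw) or 'no findings'}")
```

An empty result only means none of these three checks fired. Note that `P@$$w0rd` is still flagged, because swapping in `@` and `$` is undone before the lookup.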


But Is Strong…Strong Enough?

To be honest, there really is no “strong enough”. As long as we rely on passwords, there will be hackers trying to crack them.

However, what you want is a password that is so strong that hackers don’t want to waste their time trying to crack yours, so they move on to the next person who probably has a weak password. For that reason, you can’t just stop at creating a strong password. You also have to think about password rotation.

To keep ahead of the hackers, you need to change your password on a frequent schedule. While there is no tried-and-true rotation schedule, you’ll need to find one that keeps you safe but doesn’t mess with your life.

For instance, some organizations require their users to change their password every 3-4 months. The result? People started writing down their passwords and keeping them in a notebook in their desk. Youch!!

Something like twice a year is ideal, but once each year would probably be enough. It’s up to you to find what works for you.

Why Do I Really Need A Strong Password And Why Should I Rotate It?

Hmmm…let’s think for a second. What kinds of information are you sharing on social networks like Facebook, Twitter, LinkedIn, Pinterest and YouTube:

  • Your name
  • Your location
  • Your employer and your employment history
  • Your spouse
  • Your kids’ names
  • Your kids’ schools (how many of their photos have their school name on them?)
  • Your kids’ friends
  • Where you’re going to be this weekend
  • Whether you are traveling
  • Whether your house is currently unattended (because you’re traveling)
  • Where you went to school
  • What professional groups you belong to
  • Your address and mobile phone number (usually found on your resume)
  • Your email address (and any alternate email addresses)
  • Access to your email, both personal and potentially work email.

Trust me…you don’t want this information in the hands of someone who has bad intentions. I’ve been there, having had my blog and Twitter account compromised.

It’s not a fun experience and I hope you never have to encounter it.

NOTE: A special note on why email addresses are such a problem. So what if a hacker gets your email address? What are they going to do, send email on your behalf? You could only wish.

Remember that for many social networks, the magic combination is User ID and Password. Guess what…many sites allow you to type your email as your User ID.

If a hacker gets your email address, they already have HALF the magic combination and now just have to figure out your password.

Hackers are working harder and harder to steal your information. More and more, thieves are becoming less interested in stealing your television and more interested in going after your entire bank account.


Take a look at this great infographic created by the folks at LastPass giving a bit of insight into the psychology behind passwords and why hackers love to go after them.

Weak Passwords Can Jeopardize Your Personal And Professional Security [Infographic]

Have additional tips on how to keep your password safe? I’d love to hear them in a comment!

Cheers!

–Sean

Comments And Reactions

  1. Ian Shea-Cahir says:

    The worst part is using one password for everything. http://youtu.be/48wZBoPrPDM?t=20s

  2. decibel.places says:

    I use KeePass – a LOCAL (ie I carry it with me, it’s not somewhere hackable in the cloud) encrypted db that I can share across my machines – PCs, phone, even runs on a USB stick

  3. Scott Allen says:

    I prefer a low-tech approach — an algorithm that I can remember, that’s based on the name of the site, but that is not easily analyzed off of having just one password. Then I’m not reliant on any third-party software, and I can get into any account from any device, but if one account gets hacked, I’m still safe everywhere else.

    So, for example, my LinkedIn.com password might be (but isn’t):

    frL7(3og

    On its own, no one will ever figure it out, but I always can, fairly easily.

  4. Andreas Wiedow says:

    What’s your stance on the following points:

    1) Ticking the . . . ‘Remember me’ . . . option ?
    2) Logging in SoMe sites via eg. twitter or facebook account ?
    3) Phishing emails that can log on through your computer via the ‘remembered’ passwords ?

    Cheers,
    Andreas

  5. SandraWilliams says:

    Good reminders

