The news that “password” is no longer the most common password for users might seem like good news to IT managers. Maybe it’s a sign that they’re finally beginning to take security seriously? That they’re finally devoted to protecting information?
Other than satisfying that old rule of strong passwords containing at least one number, that’s not exactly a giant leap forward for security.
And the rest of the list is full of old chestnuts too, from “iloveyou” to “qwerty” to the somewhat pushy “letmein.”
Password problems abound
These annual studies of weak passwords might elicit a chuckle or two. But the temptation to believe a good password is enough to protect you might be a last-generation security mindset.
Password crackers come loaded with word lists covering every word in the dictionary, the Bible and pretty much any other source out there that users might draw on for something memorable.
7 ideas for stronger passwords
Here are some ideas to pass along to users:
- Make them unique. A stolen password on one account can easily be used as a guess or jumping-off point for cracking passwords on other accounts.
- Don’t use words. Dictionary words can be guessed. Combining several words doesn’t work either.
- Invent acronyms. Take first letters from song lyrics, favorite poems, etc. and use them to invent a new word. If those phrases contain numbers or upper-case words, so much the better.
- Never write them down. This may seem like a no-brainer, but take a walk around your office. We bet you’ll find at least one sticky note on the side of a monitor or a drawer that lists user names and passwords. Leave a reminder sticky note behind.
- Change defaults right away. If a website or account is given a default password, get rid of it ASAP. Replace it with one of your own.
- Sharing is not caring. No one should ever share a password with another user. Doing so only makes it harder to police who is doing what on your networks and could lead to problems when users move on from your company.
- Make a perfect password … then throw it out. Don’t stick with the same password for too long. Make it good, secure and memorable. Then ditch it. The longer you stick with the same password, the better the chance it will be uncovered or compromised.
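As an illustration of the first two ideas (this is an added example, not part of the original article), a password-change form could screen candidates like this. The `COMMON` and `WORDS` sets are tiny constructed samples, the function names are hypothetical, and treating trailing digits as negligible is an assumption of this sketch.

```python
# Added example: screen a candidate password for the weaknesses listed above.
# COMMON and WORDS are small constructed samples; a real check would load a
# full common-password list and a full dictionary.
COMMON = {"password", "iloveyou", "qwerty", "letmein"}
WORDS = {"i", "love", "you", "let", "me", "in", "pass", "word",
         "correct", "horse", "battery", "staple"}


def splits_into_words(text, words=WORDS):
    """Return True if text is one or more dictionary words run together."""
    text = text.lower()
    # reachable[i] is True when text[:i] can be cut entirely into known words
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        for start in range(end):
            if reachable[start] and text[start:end] in words:
                reachable[end] = True
                break
    return bool(text) and reachable[-1]


def check_password(candidate, used_elsewhere=()):
    """Return the list of reasons a candidate is weak (empty means no finding)."""
    reasons = []
    lowered = candidate.lower()
    if lowered in COMMON:
        reasons.append("common")
    # Assumption: a number tacked on the end adds little, so test the rest too
    core = lowered.rstrip("0123456789")
    if core and splits_into_words(core):
        reasons.append("dictionary-words")
    # "Make them unique": reject a password already used on another account
    if any(lowered == old.lower() for old in used_elsewhere):
        reasons.append("reused")
    return reasons


if __name__ == "__main__":
    for sample in ("letmein", "password1", "CorrectHorse", "Tbontbtitq"):
        print(sample, check_password(sample))
```

The last sample is an acronym built from the first letters of a well-known line, as the third idea suggests; it passes both the common-password and the word-splitting checks.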
For more information, see our sample Password Policy Template.