You’ll Get Hacked with These Passwords. Here’s How to Fix That.

Have you seen the list of most common passwords of 2014? They’re as bad as ever, with simple words and number patterns leading the pack. The awful “123456” takes the #1 spot as the most-used password of 2014:

1) 123456 2) password 3) 12345 4) 12345678 5) qwerty
6) 1234567890 7) 1234 8) baseball 9) dragon 10) football
11) 1234567 12) monkey 13) letmein 14) abc123 15) 111111
16) mustang 17) access 18) shadow 19) master 20) michael
21) superman 22) 696969 23) 123123 24) batman 25) trustno1

Why are these passwords so bad? Because they’re dictionary-based words, they’re easily hacked, and everyone else is using them. Chalk it up to ambivalence, laziness, or not knowing better, but these passwords are just plain dangerous.

If you have a different password for every website that looks like this: “4ESN5MC5!%Lsg9w”, then we commend you for your password management prowess and you can stop reading now. But if any of your passwords look like “123456” or “samantha21”, or you’re using the same password for more than one website, this might be the most important security advice you receive this year.

Passwords don’t have to be such a daily aggravation. They don’t have to be so time-consuming, either. We promise! Whether you’re a self-professed “digital native” or just use technology when necessary, these are steps that anyone can take to make passwords easier, improve your online security in the process, and regain control of your online life now.

1. Make password management a priority.

First, you have to make the decision that you want to be smarter with your passwords. At the prospect of improving their passwords, many shrug their shoulders and think “A hack won’t happen to me” or “Who cares if they get my throwaway password”.

If 2014 taught us anything, it’s that the increase in data breaches and cybercrime means we need to take action where possible to protect our identity online. Commit to spending time beefing up your passwords and getting started with a system to manage them.

2. Create a process to manage passwords.

If passwords are spread out across sticky notes, spreadsheets, emails, Google docs, and your browser password manager, it’s hard to have a firm grasp of how many sites you have an account with, and what passwords you’re using for each of those sites.

A password manager provides one secure place to store and manage all of your passwords, usernames, and other bits of information for your online life (like answers to those pesky security questions).

Once you select a password manager, download the software, and create your account, you can put a system in place. Going forward, you will save all of your logins to your password manager. As you sign up for new accounts, you’ll now have a process for generating a strong password, and then saving the new account to your password manager.

3. Audit the strength of your passwords.

Once you have created a process for centralizing your passwords, you’ll be able to understand just how many accounts you have – and what the reality of your password situation is. In LastPass, you can run the Security Challenge (from the LastPass Tools menu) to get a comprehensive audit of your vault.

The results will not only show you how many total logins you have in your vault (likely more than you think), but it will also reveal how many weak passwords and duplicate passwords are still lurking in your vault. Now you can start eliminating any dictionary-based, weak passwords and replace them with new, generated, unique passwords, one for every online account.

4. Work towards a goal.

Getting started with a password manager like LastPass will certainly make passwords easier to deal with, and will streamline your online life. Hardly any thought will be required when you go to log in to your accounts. Having a goal, though, will help you get the most out of a password management tool.

Perhaps your goal is to not have a single duplicate password. Or to update all your passwords to be at least 14 characters long, like the security experts recommend. Or maybe you want to educate yourself more on two-factor authentication, and try it out for yourself.

Once you clarify how you’d like to improve your online security, you’ll be able to get the most out of the tools available and work towards achieving that goal.
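As an added illustration (not part of the original post, and not how the LastPass Security Challenge is implemented), here is a minimal audit in the spirit of steps 3 and 4: it flags passwords from the 2014 list above, simple variants of them, passwords under 14 characters, and reuse across accounts. The `audit` function, the finding labels, and the sample vault entries are constructed for this example, and it assumes the vault is available as (site, password) pairs.

```python
import string
from collections import defaultdict

# The 25 most common passwords of 2014, as listed in the article above.
COMMON_2014 = {
    "123456", "password", "12345", "12345678", "qwerty", "1234567890", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}
MIN_LENGTH = 14  # the length goal mentioned in the article
_SUFFIX = string.digits + string.punctuation


def audit(entries):
    """Return {site: [findings]} for (site, password) pairs.

    Only site names and finding labels are returned; passwords are never echoed.
    """
    findings = defaultdict(set)
    sites_by_password = defaultdict(list)
    for site, password in entries:
        sites_by_password[password].append(site)
        lowered = password.lower()
        base = lowered.rstrip(_SUFFIX)  # "dragon2014!" -> "dragon"
        if lowered in COMMON_2014:
            findings[site].add("common")
        elif base in COMMON_2014:
            findings[site].add("common-variant")
        if len(password) < MIN_LENGTH:
            findings[site].add("short")
    for sites in sites_by_password.values():
        if len(sites) > 1:  # same password used for more than one account
            for site in sites:
                findings[site].add("reused")
    return {site: sorted(tags) for site, tags in findings.items()}


# Constructed sample vault (hypothetical sites; not real credentials).
SAMPLE_VAULT = [
    ("mail.example", "4ESN5MC5!%Lsg9w"),
    ("shop.example", "samantha21"),
    ("forum.example", "samantha21"),
    ("bank.example", "123456"),
    ("games.example", "Dragon2014!"),
]

if __name__ == "__main__":
    for site, tags in audit(SAMPLE_VAULT).items():
        print(f"{site}: {', '.join(tags)}")
```

Sites with no findings are left out of the result, so an empty result means every entry is unique, at least 14 characters long, and not on the common list.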

The hardest part is just getting started.

From there, you can work at your own pace, build upon the basics, and over time take advantage of all that a password manager offers to make passwords easier to remember, and to make sure your passwords aren’t on the yearly list of most common passwords.

4 Comments

  • Alinn says:

    Just wanted to let you know I was teaching Internet security way back in 1999. I am surprised that people are still using the same passwords they used back then! I would have hoped that people learned from the number of viruses, Trojan horses, worms, etc. plus internet malware and scams that were prevalent even then.

  • Yoda says:

    This answer be real-life satire.

  • Ananya says:

    LastPass, you need to seriously improve the UI and UX of your website if you want to further this goal. Your 2-factor setup is also unclear, tricky and feels dangerously easy to get locked out of.