
Head ’em off at the pass(word)

Computer security gurus Sharon Nelson and John Simek have enumerated a number of “Stupid mistakes that lawyers make with technology.”

Two of the eight errors they flag involve computer passwords, or rather the failure to take precautions when creating or safeguarding them.

If you look up and see the yellow sticky note hanging from your monitor with “User Name” and “Password” written on it, you might want to take that down before reading on.

Selecting a password is obviously a highly personal task, and some people use their first names, the names of their children or their birthdays.

According to PC Magazine, the most common password among the millions used on the Internet is simply “123456.”

That’s not terribly creative, nor is the second-most-used password: “Password.”

Rounding out the top five were qwerty (the top row on the keyboard), abc123 (a progression of sorts) and the plaintive letmein.

The website whatsmypass.com a few years ago compiled a list of “The 500 Worst Passwords of All Time.”

The compiler noted that he came across some interesting choices when putting together the list. An erstwhile Trekker used ncc1701 (the Starfleet number of the Enterprise on “Star Trek”) while a George Lucas fan used thx1138, the title of Lucas’s first film.

Someone used 8675309, the phone number from the 1982 song by Tommy Tutone. Maybe this guy was Jenny’s ex.

A surprising number of passwords on the list are Not Safe For Work, perhaps the tamest of which we can print is “sexsex.”

Dave Piscitello, who blogs about Internet security at securityskeptic.typepad.com, analyzed the list of 500 worst passwords, and found some recurring mistakes.

The bad ones often are short, or they use single English words or names. They may be a sequence of keystrokes off the keyboard. They don’t show much forethought, and none uses a capital letter or special character that would make it harder to crack.

A good password, Piscitello counsels, incorporates a combination of characters including capital letters, numerals and special characters.

It would look something like this: I!Want!1!More!Cookie or 3@Musketeers @Bar
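As an added illustration (not code from the article or from Piscitello's page), here is a small checker that turns the recurring mistakes just listed into rules: a published worst-passwords list, a single dictionary word with digits or punctuation bolted on, a run of adjacent keyboard keys, a progression such as abc or 321, a missing character class, and the 14-character minimum that Microsoft and Nelson and Simek recommend later in this piece. The worst-passwords set and the dictionary are tiny constructed stand-ins; a real audit would load the full 500-entry list and a system word list.

```python
# Added example: a heuristic password checker built from the article's rules.
# WORST_PASSWORDS and DICTIONARY are small constructed stand-ins, not the real lists.

# Constructed sample of entries of the kind found on "worst passwords" lists.
WORST_PASSWORDS = {
    "123456", "password", "qwerty", "abc123", "letmein",
    "ncc1701", "thx1138", "8675309", "sexsex",
}

# Tiny stand-in dictionary (a real check would use /usr/share/dict/words).
DICTIONARY = {"password", "cookie", "musketeers", "monkey", "dragon", "want", "more"}

# Keyboard rows, scanned forwards and backwards for runs of adjacent keys.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

MIN_LENGTH = 14  # the Microsoft / Nelson & Simek recommendation


def has_keyboard_run(pw: str, run: int = 4) -> bool:
    """True if pw contains `run` adjacent keys from one keyboard row ('qwer', '4321')."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def has_progression(pw: str, run: int = 3) -> bool:
    """True if pw contains `run` consecutive code points ('abc', '321', 'xyz')."""
    low = pw.lower()
    for i in range(len(low) - run + 1):
        chunk = low[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def audit_password(pw: str) -> list[str]:
    """Return the list of problems found; an empty list means no rule fired."""
    problems = []
    if pw.lower() in WORST_PASSWORDS:
        problems.append("worst-list")
    if len(pw) < MIN_LENGTH:
        problems.append("too-short")
    # A single dictionary word with digits/punctuation added is still a dictionary word.
    letters_only = "".join(c for c in pw.lower() if c.isalpha())
    if letters_only in DICTIONARY:
        problems.append("dictionary-word")
    if has_keyboard_run(pw):
        problems.append("keyboard-sequence")
    if has_progression(pw):
        problems.append("progression")
    if not any(c.isupper() for c in pw):
        problems.append("no-uppercase")
    if not any(c.isdigit() for c in pw):
        problems.append("no-digit")
    if not any(not c.isalnum() for c in pw):
        problems.append("no-special")
    return problems


def is_strong(pw: str) -> bool:
    return not audit_password(pw)


if __name__ == "__main__":
    for candidate in ("123456", "Password1", "qwerty", "abc123", "letmein",
                      "I!Want!1!More!Cookie", "3@Musketeers @Bar"):
        report = ", ".join(audit_password(candidate)) or "no problems found"
        print(f"{candidate!r:24} {report}")
```

Both of Piscitello's sample passwords pass every rule, while "Password1" is still flagged as a dictionary word: stripping the digit leaves "password", which is exactly what a cracker's mangling rules do in reverse. Checkers like this only catch the mistakes they know about, so a clean result is a floor, not a guarantee.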

This may all sound very basic, but when you don’t take the time to think through a password, you are putting yourself at risk. Just Google the phrase “password cracking software” and you’ll uncover the cottage industry that has developed to get past weak password choices and into the data on your network. One of the best-known cracking programs, used by security auditors as well as by thieves, is called “John the Ripper.”

So pick a password that you can remember easily and that the bad guys can’t guess, even with the algorithms in their cracking programs.
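To show what “the algorithms in their cracking programs” actually do, here is an added toy version of a wordlist-plus-rules attack (my own example, not the article's and not John the Ripper's code, though John the Ripper's wordlist rules automate the same idea at far greater scale). Everything in it is constructed for the demonstration: the ten-word list, the mangling rules, and the “stolen” password store, which is assumed to hold unsalted SHA-256 hashes.

```python
import hashlib

# Added example: a toy dictionary attack with case, leet-speak and suffix rules.
# WORDLIST, SUFFIXES and STOLEN_STORE are constructed for the demonstration.
# Assumption: the store holds unsalted SHA-256 hashes, a weak but still common
# choice; a slow salted KDF (bcrypt, scrypt, Argon2) raises the cost of every guess.

WORDLIST = ["123456", "password", "qwerty", "abc123", "letmein",
            "monkey", "dragon", "cookie", "ncc1701", "8675309"]

SUFFIXES = ("1", "!", "123", "1!", "2024")

LEET = str.maketrans("aeios", "@310$")


def variants(word: str) -> list[str]:
    """Case and leet-speak rewrites of one wordlist entry, duplicates removed."""
    leet = word.translate(LEET)
    forms = [word, word.capitalize(), word.upper(), leet, leet.capitalize()]
    return list(dict.fromkeys(forms))  # dedupe while keeping order


def candidates(wordlist=WORDLIST):
    """Yield guesses in the order a cracker would try them: cheap rules first."""
    for word in wordlist:
        for base in variants(word):
            yield base
            for suffix in SUFFIXES:
                yield base + suffix
            for n in range(100):
                yield base + str(n)


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()


def crack(target_hex: str, wordlist=WORDLIST):
    """Return (password, guesses_tried), or (None, guesses_tried) if the list is exhausted."""
    tried = 0
    for guess in candidates(wordlist):
        tried += 1
        if sha256_hex(guess) == target_hex:
            return guess, tried
    return None, tried


def crack_all(store: dict) -> dict:
    """Run the attack against every hash in a {user: hash} store."""
    return {user: crack(h) for user, h in store.items()}


# Constructed "stolen" store; the plaintexts mirror the article's examples.
STOLEN_STORE = {
    "alice": sha256_hex("Password"),
    "bob":   sha256_hex("letmein1"),
    "carol": sha256_hex("Monkey123"),
    "dave":  sha256_hex("I!Want!1!More!Cookie"),
}

if __name__ == "__main__":
    for user, (pw, tried) in crack_all(STOLEN_STORE).items():
        outcome = f"cracked: {pw!r}" if pw else "not cracked"
        print(f"{user:6} after {tried:5} guesses: {outcome}")
```

“Password” falls on the 213th guess, and “letmein1” and “Monkey123” fall shortly after, because a capital letter and a digit tacked onto a dictionary word are the first rules any cracker tries. “I!Want!1!More!Cookie” survives the whole list: it is long, it is not one word, and the punctuation sits between the words rather than at the end. A real wordlist has millions of entries and thousands of rules, so the margin comes from length and structure, not from a single trick.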

If you want to check the strength of your password, Microsoft provides a handy Password Checker at www.microsoft.com/security/pc-security/password-checker.aspx.

Microsoft advises, as do Nelson and Simek, that a password should be at least 14 characters long and use a combination of the characters as described above. Use numbers that are meaningful only to you somewhere in the password.

Anything less, the experts advise, and you might as well take that post-it that was hanging from the monitor, scribble “Please Steal Me” beneath your password and hang it back in the middle of the screen.

One comment

  1. Thank you for mentioning my “high probability” passwords page. You may also be interested in sharing my page on how to make strong passwords (that you can remember) at http://securityskeptic.typepad.com/the-security-skeptic/2010/02/how-to-create-strong-passwords-.html
