Meet the new passwords, same as the old passwords

by Jimmy Marks

Convincing people that a bad idea really is a bad idea is tough. Just ask anyone who went into a barber shop back in the ’80s and said “Give me the ‘Flock-of-Seagulls’, please.” Or anyone that invested in Blackberry and didn’t sell before October of 2009. Or anyone that uses a “guesstimate” when it comes to cooking poultry. Just use a meat thermometer, guys.

Here’s a really bad idea: Using the word “password” as your password. When someone’s striving to get into your online accounts, a good first move is to guess your password. If your password is “password”…well, mission accomplished.

“Oh, that’s just common sense,” you say. Normally, I’d agree with you. But a recent study by security expert Mark Burnett found that “password” and the number string “123456” are the most frequently-used passwords, or are components thereof.

To back that up, a recently discovered cache of stolen passwords (about 2 million or so) was data mined by a security company. Their discovery? Most passwords were the number string “123456”, with “password” not far behind. Worst of all, these were the same two worst passwords as last year, still holding the number one and two slots.

What is it with people? Why do they continue to do this to themselves? Maybe that’s the wrong question. Maybe the real question is, “What can we do to help?”

Some ideas:

  1. Require your users to have complex passwords, and explain why. There are plenty of ways to practice what we preach here, including an “evaluation scale” that tells users how secure their password is as they enter it for the first time.
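As an added example (not code from the post or its author), here is a small client-side “evaluation scale” of the kind item 1 describes, written in JavaScript so it can run in the browser as the user types. The common-password list is a constructed sample seeded with the two entries the post names, the scoring thresholds are my own assumptions, and `attachMeter` is a hypothetical helper for wiring the score to a form field.

```javascript
// Constructed sample of commonly used passwords, seeded with the two the post names.
// A real deployment would check against a much larger breached-password list.
const COMMON_PASSWORDS = new Set([
  "password", "123456", "12345678", "qwerty", "letmein", "abc123",
]);

// Labels for the 0-4 scale shown to the user (assumed thresholds, not a standard).
const LABELS = ["very weak", "weak", "fair", "strong", "very strong"];

// Scores a candidate password and explains what held the score down.
function evaluatePassword(pw) {
  if (pw.length === 0) {
    return { score: 0, label: LABELS[0], reasons: ["no password entered"] };
  }

  // Rule 1: reject anything on the common list, including trivial dress-ups
  // such as "Password1" or "123456!" (case, punctuation and trailing digits stripped).
  const lower = pw.toLowerCase();
  const alnum = lower.replace(/[^a-z0-9]/g, "");
  const candidates = [lower, alnum, alnum.replace(/\d+$/, "")];
  if (candidates.some((c) => COMMON_PASSWORDS.has(c))) {
    return { score: 0, label: LABELS[0], reasons: ["matches a commonly used password"] };
  }

  const reasons = [];
  let points = 0;

  // Rule 2: length is the biggest single factor; reward 8, 12 and 16 characters.
  if (pw.length >= 8) points += 1; else reasons.push("shorter than 8 characters");
  if (pw.length >= 12) points += 1;
  if (pw.length >= 16) points += 1;

  // Rule 3: reward mixing at least three of lower, upper, digit, symbol.
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^a-zA-Z0-9]/]
    .filter((re) => re.test(pw)).length;
  if (classes >= 3) points += 1; else reasons.push("uses fewer than 3 character types");

  // Rule 4: penalise long runs of one repeated character ("aaaa...").
  if (/(.)\1{3,}/.test(pw)) {
    points -= 1;
    reasons.push("contains a run of 4 or more repeated characters");
  }

  const score = Math.max(0, Math.min(4, points));
  return { score, label: LABELS[score], reasons };
}

// Renders the score as a text bar a form can show next to the field.
function renderMeter(pw) {
  const { score, label, reasons } = evaluatePassword(pw);
  const bar = "#".repeat(score) + "-".repeat(4 - score);
  const why = reasons.length ? " (" + reasons.join("; ") + ")" : "";
  return "[" + bar + "] " + label + why;
}

// Hypothetical helper: re-evaluate on every keystroke. Pass the <input> and the
// element that should display the result; nothing touches the DOM until called.
function attachMeter(inputEl, outputEl) {
  inputEl.addEventListener("input", () => {
    outputEl.textContent = renderMeter(inputEl.value);
  });
}
```

The point of returning `reasons` alongside the score is that a bare “weak” tells the user nothing; naming the rule that failed is what actually changes behaviour.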