From The Digital Reader
Motherboard reports that a study of passwords leaked over the past year show that many users are recycling the same bad passwords they have been using for years and years:
SplashData estimates that nearly 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and almost 3 percent used the worst password, ‘123456’. ‘Password’ was the second most popular password.
Other numeric passwords that weren’t new to the list were ‘12345678’ in third place, ‘12345’ at number five, and ‘1234567’ in seventh place. But there were some new, more creative (or, you know, not) variations: ‘123456789’ (in sixth place), and ‘123123’ in 17th.
Additional repeat offenders include a handful of very obvious words: ‘qwerty,’ ‘football,’ ‘admin,’ ‘welcome,’ ‘login,’ ‘abc123,’ ‘dragon,’ ‘passw0rd,’ and ‘master.’ But there were some new passwords on the top 25 list this year, including ‘letmein,’ ‘iloveyou,’ ‘monkey,’ ‘starwars,’ ‘hello,’ ‘freedom,’ ‘whatever,’ ‘qazwsx’ (from the two left columns on a standard keyboard), and ‘trustno1.’ The new passwords replaced 2016’s ‘123456790,’ ‘princess,’ ‘1234,’ ‘solo,’ ‘121212,’ ‘flower,’ ‘sunshine,’ ‘hottie,’ ‘loveme,’ ‘zaq1zaq1,’ and ‘password1.’
Many people wrongly assume that adding a zero instead of the letter O will make their passwords more secure, but, as SplashData CEO Morgan Slain is quick to point out in a press release, “hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.” Additionally, Slain points out that attackers are quick to use common pop culture terms to break into accounts online, in case you thought you were the only Star Wars fan.
. . . .
P.S. The top 25 most common passwords of 2017 were:
Link to the rest at The Digital Reader
PG admits this doesn’t have much to do with books, but most people who are in the least bit serious about hacking your computer are interested in money – credit card numbers, bank accounts, brokerage accounts, purchasing gift cards, etc.
Since everybody knows authors are rich, most of you are prime targets.
In addition to money (or sometimes instead of money) some hackers would just like to spy on your email, change the password for your website or bank or Amazon account. They could also have fun with your KDP account or claim to have planted a virus on your computer that they will tell you how to delete if you send them some cash or Bitcoin or something equivalent.
PG agrees with Nate in the OP that the best way of strengthening your password health is to acquire some password management software.
PG has used Lastpass for a long time with good results (perfect, actually). He has also received strong recommendations for 1Password from those whose technical chops he respects. Dashlane, Stickypassword and Logmeonce are other candidates with good reputations.
Unless the North Korean secret police are trying to hack your computer, just about any password manager will keep the bad folk out and improve your overall security 1000% (if you use it).
The specific things a password manager usually does that PG finds useful are:
- It stores your login credentials very securely (provided you don’t use “password” as the password for your password manager). You only need to remember one good password and the password manager will remember the rest.
- When you go to a password-protected site, most (maybe all) password managers will automatically log you into the site if you have the password manager running, unless you’ve told it not to do auto logins. You can have a 100-character ID and a 500-character password and the password manager will plug those in so you’re in right away.
- When you set up an ID and password for a new site, the password manager will offer to save them, sparing you the trouble of typing them into your password manager.
- If all you can think of is “momisthebest” as a password, the password manager will generate a really good password for you.
- PG asked Lastpass for a random 10-character password using lower and upper case letters, numbers and symbols and here’s what Lastpass produced – #48s5j82KW.
- PG decided he needed more security, so he asked Lastpass for a 20-character password and here that one is – 027oqq3XtK^3N@jW#f5S.
- A 50-character password? – F6B2fq&3bJm49Iu1xoM4n6plQSWDmvFHAx%#8ROmLb88wd^mjK
- 100 characters – P3J!tgisFPl%jeN6LZn5RFHfBRM9R6SkjFc5UMR9suKcawoF1h4Rc1WsQ$SnKj%MDpn#MB0@3OSg*ZDDRU8JM6z8Fji4DJfU14Ec
- We could go on having fun like this all day, but you get the idea. In addition to having a password generator inside Lastpass, you can also access Lastpass’s generator on the web without being a customer – https://lastpass.com/generatepassword.php
- PG found a cool site that estimates how long it would take a brute force attack to crack a password of your choice:
  - The password “password” takes 0.29 milliseconds to crack (on a middling Core i5 computer).
  - 1234567 also takes 0.29 milliseconds.
  - bestmom takes 11 minutes.
  - A little baby 8-character random password – p15S16#7 – takes over 14 years.
  - Add one character for a 9-character password – 9P0g779!x – and you’re up to over 1,000 years. If you change this password only once every 100 years, you’re as safe as houses.
You can calculate how long a brute force attack with a Core i5 computer would take to crack your passwords at https://www.betterbuys.com/estimating-password-cracking-times/.
Since there is actual math apparently happening behind the scenes at the BetterBuys site, PG has no idea whether the numbers are real or not.
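The arithmetic behind those cracking-time estimates is simple enough to check yourself. The following is an added example, not code from the original post, from LastPass or from BetterBuys: it generates a password from a cryptographically secure random source, computes the keyspace and worst-case search time for a given length and alphabet, and first checks the candidate against the worst-password list quoted above, since a dictionary attack finds “password” or “123123” long before any brute-force count matters. The rate of one billion guesses per second is an assumed figure, not the Core i5 rate the calculator uses.

```python
import math
import secrets
import string

# Lower, upper, digits and symbols: the classes PG asked LastPass for.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed sample drawn from the worst-password list quoted above; a real
# check would load a full breach corpus rather than 25 strings.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx", "trustno1",
}

def generate_password(length: int, alphabet: str = ALPHABET) -> str:
    """Draw each character from a CSPRNG; random.choice() is not suitable."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password over the given alphabet."""
    return length * math.log2(alphabet_size)

def brute_force_seconds(length: int, alphabet_size: int,
                        guesses_per_second: float) -> float:
    """Worst-case time to exhaust the keyspace; the average case is half."""
    return alphabet_size ** length / guesses_per_second

def is_blocklisted(password: str) -> bool:
    """A hit means a dictionary attack finds it in a handful of guesses,
    whatever the brute-force arithmetic says about its length."""
    return password.lower() in COMMON_PASSWORDS

def rate_password(password: str, guesses_per_second: float = 1e9) -> dict:
    """Estimate strength as a BetterBuys-style calculator does, but
    short-circuit on blocklisted strings (assumed 1e9 guesses/s)."""
    if is_blocklisted(password):
        return {"blocklisted": True, "bits": 0.0, "seconds": 0.0}
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    size = sum(len(c) for c in classes if any(ch in c for ch in password))
    return {"blocklisted": False,
            "bits": entropy_bits(len(password), size),
            "seconds": brute_force_seconds(len(password), size,
                                           guesses_per_second)}
```

Each extra character multiplies the search by the alphabet size (94 here), which is why the 9-character example above jumps from years to centuries; a blocklisted string scores zero regardless of length.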