When the Internet first became popular, Internet security was not a topic that most people thought about. When choosing passwords, people often turned to easy-to-remember favorites like “12345,” “password,” and “iloveyou.” Surprisingly, even after years of news about hackers and people losing thousands of dollars to online identity theft, these passwords remain among the most widely used.
A new analysis shows that about one in five people still uses one of these easy-to-guess passwords for their Internet accounts, which is the digital equivalent of leaving a key under the doormat.
Within the last month, an unidentified hacker stole a list of 32 million passwords from RockYou (a company that makes software for users of social networking sites like Facebook and MySpace) and posted them online for everyone to see. The list confirmed that people are still using easy-to-guess passwords, and it handed hackers a ranked list of the most popular ones, making their job easier than ever. With today’s fast computers and speedy networks, hackers can fire off thousands of password guesses per minute, and they do not need to guess at random: trying just the handful of most common passwords against every account is enough to break into a large share of them.
“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations… The reality is that you can be very effective by choosing a small number of common passwords,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers.
So why do users continue to employ easy to guess passwords despite all the warnings about the risk? Security experts suggest it’s simply because people are overwhelmed with all the things we have to remember in this digital age, such as voicemail passwords, A.T.M. PINs, Internet passwords, etc.
In an ideal world, people would have a different password for every website, would remember all of them, and would write them down on paper only if really necessary. In the real world this is far too much for our overcrowded brains to remember, which is why experts suggest we should have at least two different passwords: one complex password for important accounts such as e-mail and banking, and a simpler one for accounts such as entertainment and social networking.
“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”
To “run that bit faster”, make your passwords at least 12 characters long and mix in some digits and capital letters; that puts your password well outside the short list of common guesses and makes it much harder to crack than most. A hacker who can break into someone else’s account within minutes will not bother spending hours on yours.
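The two claims above, that a handful of common passwords cracks a large share of accounts and that length plus a character mix pushes a password out of reach, can be put in numbers. The Python below is an added example, not code from the original article or from Imperva or RockYou. The leaked-password sample, its frequencies and the guess rates are constructed for illustration and do not reproduce the real RockYou distribution.

```python
"""Added example (not part of the original article).

Quantifies two points: a short list of common passwords covers a large share
of accounts, and a long mixed-character password is out of reach of guessing.
All inputs below are constructed for illustration.
"""
import math
from collections import Counter

# Constructed "leak": 200 accounts. Counts are invented, not real RockYou data.
SAMPLE_LEAK = (
    ["123456"] * 40 + ["12345"] * 20 + ["password"] * 15 + ["iloveyou"] * 10
    + ["princess"] * 5 + ["rockyou"] * 5 + ["abc123"] * 5
    + [f"user{i}pw!" for i in range(100)]   # 100 unique, less guessable passwords
)

# Online guessing rate from the article: "thousands of guesses per minute".
ONLINE_RATE_PER_MINUTE = 5000


def top_passwords(leak, n):
    """Return the n most common passwords in a leaked list, most frequent first."""
    return [pw for pw, _ in Counter(leak).most_common(n)]


def coverage(leak, guesses):
    """Fraction of accounts that fall to trying every password in `guesses` once."""
    guess_set = set(guesses)
    return sum(1 for pw in leak if pw in guess_set) / len(leak)


def spray_minutes(num_accounts, guesses, rate_per_minute):
    """Minutes to try each guess against each account at a fixed guess rate."""
    return num_accounts * len(guesses) / rate_per_minute


def charset_size(password):
    """Size of the smallest conventional alphabet containing every character used."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33          # printable ASCII punctuation and symbols
    return size


def brute_force_years(password, rate_per_minute):
    """Expected years to hit `password` by exhaustive search, assuming the attacker
    already knows its length and alphabet and finds it halfway through the keyspace."""
    keyspace = charset_size(password) ** len(password)
    minutes = keyspace / 2 / rate_per_minute
    return minutes / (60 * 24 * 365)


def is_weak(password, common, min_len=12):
    """The article's rule: not on the common list, at least min_len characters,
    with at least one digit and one capital letter."""
    return (password in common
            or len(password) < min_len
            or not any(c.isdigit() for c in password)
            or not any(c.isupper() for c in password))


if __name__ == "__main__":
    common = top_passwords(SAMPLE_LEAK, 4)
    print("Top 4 passwords:", common)
    print(f"Share of accounts they open: {coverage(SAMPLE_LEAK, common):.0%}")
    # Spraying 4 guesses across 32 million accounts (the RockYou list size)
    print(f"Spray over 32M accounts: {spray_minutes(32_000_000, common, ONLINE_RATE_PER_MINUTE) / 1440:.0f} days")
    for pw in ("123456", "Xk3mTq9rLp2W"):
        yrs = brute_force_years(pw, ONLINE_RATE_PER_MINUTE)
        print(f"{pw!r}: weak={is_weak(pw, common)}, exhaustive search ~{yrs:.3g} years")
```

The spray figure is the point Shulman makes: four guesses per account is cheap even across tens of millions of accounts, and it opens every account using one of those four. The brute-force figure is the converse: an attacker who must search the full 12-character alphanumeric keyspace at an online rate gets nowhere, so the attacker moves on to the next account instead.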