High-Risk Passwords: Don’t Use One of These.

Written by Gary North on December 26, 2012

Here is a list. It was provided by a firm that specializes in privacy.

password, qwerty, 123456, abc123, admin, 111111, shadow, letmein, trustno1, iloveyou, love, football, baseball, monkey, master, batman and common names like michael, jordan, even jennifer.

I don’t use any of them.

I recommend using a phrase. Take the first letter of each word. To add complexity, append a string such as ///. That is much harder to crack than a dictionary word, with two caveats: the phrase should be your own, not a well-known quotation or song lyric that appears in cracking wordlists, and a fixed suffix only adds unpredictability if the attacker does not know you always use it, so the strength has to come from the phrase itself being long.
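To make the two points above concrete, here is an added example (my own code, not part of the original post): it checks a candidate against the list quoted above, including the trivial variants a cracking rule set tries first ("P@ssw0rd1", "Letmein!"), and gives a rough guess-count estimate for candidates that survive, crediting the post's first-letters-of-a-phrase method only for the part an attacker cannot be assumed to know. The password list and the method come from the post; the leet table, the rule-variant factor, the guess rates and the sample phrase are assumptions for illustration.

```python
"""Added example, not from the original post: flag high-risk passwords and
their mangled variants, and estimate the guesses an attacker needs otherwise.
The list and the phrase method are the post's; everything marked 'assumed'
is an illustration choice."""
import math
import re

# The high-risk passwords quoted in the post.
HIGH_RISK = frozenset({
    "password", "qwerty", "123456", "abc123", "admin", "111111", "shadow",
    "letmein", "trustno1", "iloveyou", "love", "football", "baseball",
    "monkey", "master", "batman", "michael", "jordan", "jennifer",
})

# Assumed: substitutions a cracker's rule set undoes ("P@ssw0rd" -> "password").
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
# Assumed: mangled variants a rule set derives from each list entry.
RULE_VARIANTS = 1000
# Assumed guess rates: throttled online login vs. offline attack on a fast hash.
ONLINE_RATE, OFFLINE_RATE = 1e3, 1e10


def normalize(candidate: str) -> str:
    """Undo the usual decorations: case, leading/trailing digits or symbols
    ('password1', '!!letmein'), then leet digits ('m0nkey')."""
    core = candidate.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", core)
    return core.translate(LEET)


def is_high_risk(candidate: str) -> bool:
    """True if the candidate is a listed password or a trivial variant of one."""
    return candidate.lower() in HIGH_RISK or normalize(candidate) in HIGH_RISK


def phrase_password(phrase: str, suffix: str = "///") -> str:
    """The post's method: first character of each word, then a fixed suffix."""
    return "".join(word[0] for word in phrase.split()) + suffix


def alphabet_size(pw: str) -> int:
    """Size of the character-class mix that covers the password."""
    size = 0
    if re.search(r"[a-z]", pw):
        size += 26
    if re.search(r"[A-Z]", pw):
        size += 26
    if re.search(r"[0-9]", pw):
        size += 10
    if re.search(r"[^A-Za-z0-9]", pw):
        size += 33  # printable ASCII punctuation
    return size


def guess_bits(pw: str, fixed_suffix: str = "") -> float:
    """log2 of the guesses a search needs. A listed password (or variant)
    costs about list size x rule variants however long it is; otherwise
    assume brute force over the characters that are actually secret. A
    suffix the attacker can be expected to know (the post's '///') is
    excluded from that count rather than credited as random."""
    if is_high_risk(pw):
        return math.log2(len(HIGH_RISK) * RULE_VARIANTS)
    secret = pw
    if fixed_suffix and pw.endswith(fixed_suffix):
        secret = pw[:-len(fixed_suffix)]
    if not secret:
        return 0.0
    return len(secret) * math.log2(alphabet_size(secret))


def report(pw: str, fixed_suffix: str = "") -> dict:
    """Worst-case time to exhaust the search space at the two assumed rates."""
    bits = guess_bits(pw, fixed_suffix)
    guesses = 2 ** bits
    return {
        "high_risk": is_high_risk(pw),
        "bits": round(bits, 1),
        "online_years": guesses / ONLINE_RATE / (365 * 24 * 3600),
        "offline_hours": guesses / OFFLINE_RATE / 3600,
    }


if __name__ == "__main__":
    # Constructed candidates: listed, mangled-listed, random, and the post's method.
    phrase = "my first car was a rusty blue 1978 volvo that never started in winter"  # assumed
    for pw in ["password", "P@ssw0rd1", "yGVFh57w", phrase_password(phrase)]:
        print(f"{pw:20} {report(pw, '///')}")
```

The numbers are only orders of magnitude, but they make the point: a listed password or any cosmetic variant of it falls in a few thousand guesses whatever its length, while an 8-character random mix of letters and digits is hopeless to guess online yet only hours of work offline against a fast, unsalted hash, which is why the breach scenario below matters more than the guessing one.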

You are far more likely to lose your privacy because some outfit has stored your data and then gets hacked. The payoff for hacking one such outfit is far higher than trying to hack 20,000,000 people one by one. That is also why the same password should never be reused across sites: once one outfit is breached, the stolen credentials are tried everywhere else, and every account sharing that password goes with it.

I bought identity theft insurance through my homeowner’s policy. I recommend this. Let the company pay to unscramble your life.

13 thoughts on “High-Risk Passwords: Don’t Use One of These.”

  1. I use LastPass for mine. It can generate random passwords that are very hard to guess and then it remembers them for next time. You have to remember one password to get access to LastPass, but after that it takes care of it for you. You can also set it up for really long passwords that would take years to crack.

    People really need to learn about using good passwords, though. NEVER use anything that people can find out from Facebook or some other social site. Pets’, spouses’ and kids’ names are the worst. Go to a person’s Facebook, then try the names of the pets/people you see there.

  2. You should absolutely never use a password that is an actual word or string of digits. Hackers have programs that guess every word in the dictionary.

    You should use randomly-generated passwords, as dalek mentions, or you should think of a unique phrase, and make a password out of the first letter or number of the words in that phrase. For example, "Whenever I go to my neighbor Jim's house he gives me six pancakes" – remember this and use the associated password "WIgtmnJhhgm6p"

  3. I used to speak to professional organizations on IT security. At one point in my presentation, I would put up a slide with a list of 100 common passwords. This was in the days of overhead transparencies. I would have a piece of paper covering the transparency and then slowly move the paper down, exposing a line of passwords at a time, while watching the facial expressions of those in the room. When a person saw his password, you could see it in his face, and I would mentally identify those people with the first word in that line. By the time the whole transparency was visible, I could tell you within five words (there were five columns on the slide) what the passwords were for more than half the people in the room. Then I would say, “I want you to look around the room and see some red faces.” At that time, I would point to various people in the room and say the word that I remembered for each person. That first column was the most common for each row, so on average I would be right about 30-50% of the time and there would be red faces all over the room… What’s worse is that most often, those people would be IT security professionals or administrators.

    Popular movie characters or passwords (particularly from science fiction movies) are also easy guesses. Examples: Klaatu (The Day the Earth Stood Still), Joshua (the password in War Games), Falken (also War Games), Frodo, Gandalf, Skywalker, Vader, HAL9000 (2001 A Space Odyssey), Spock, NCC1701 (the hull number of the Enterprise). Hackers have lists of thousands of such words and they have scripts that automate attempting these passwords. The end result is that if you use one of these easily guessed passwords, it’s only a matter of time before your account is hacked.

  4. Just write a "random" string of upper- and lower-case letters, numerals and allowable symbols (#$%^&, etc.). Do not write anything else on the paper that would refer to your username or the website you created the password for. After you tell the site your new password and confirm it, make sure to log out, then log in (allowing your security software to update/save the new password).

  5. There are plenty of random password generators online that will grind out nonsense passwords time after time, like yGVFh57w. How long would it take a hacker to figure that out?

  6. A lot of good suggestions for passwords. Thanks, everyone.

  7. Examples (once you establish a pattern, you can use that pattern over and over, with different passwords for different sites):
    • The last two numbers of the street address of the house where you grew up, followed by the second letter in the site name, followed by your best childhood friend's last name, followed by the first letter in the site name.
    • Your age, when you met your spouse, followed by the first three letters of your junior high school, followed by the second letter of the site name, followed by the last three letters of your junior high school, followed by the third letter of the site name.

    These methods generate something that would look entirely random to a hacker. So even if a hacker is using a "Man-in-the-Middle" attack, the only password that he would capture would be for the site that you were visiting, when he captured your entry. All of your other passwords would remain secure. Just establish your basic pattern and then vary it by site and you have a unique, but apparently random password for each site.

    Another is to use the first letter of the words to your favorite oldie (not popular songs). Ignore words shorter than 4 characters. Replace every other "B" with "8", "l" with "1", "o" with "0" and capitalize the second letter after a vowel or number. So the 12-character password for "Jingle Bells" would be based on "dashing through – snow – – – horse open sleigh – – fields – – laughing – – – bells – bobtails ring making" (the dashes represent short words that were left out). The password, based on the above rule, would be dtsh0sF1bbrm. If you want to have a unique password for each site, change the third letter out with the third letter of the site name and the eighth letter with the first letter of the site name. But if one of those is upper case or a number, then replace the next lower-case letter instead. It sounds complicated. But once you establish your own rule, it becomes second nature to create and use passwords based on your rule.

  8. catchesthewind says:

    The only tip that I can add is change your passwords often. I know it is a pain but then so is descrambling your life after identity theft. God bless you all.

  9. Actually, it takes MINUTES to hack your LastPass account. YOU just posted every password you use.

  10. The programs ASSUME you are following the advice you just gave. Hackers actually circulate that advice.

  11. Prove it. All passwords are encrypted locally. Even LastPass can't see my passwords. You claim it can be hacked, post my passwords. If you can't do that, then your claim is not real.

    "We've accomplished this by using 256-bit AES implemented in C++ and JavaScript (for the website) and exclusively encrypting and decrypting on your local PC. No one at LastPass can ever access your sensitive data."

  12. I could tell you an easy way to do passwords, extremely easy and you can use whatever phrase you want and it will change it into gibberish automatically.

    But if I told you the secret, the secret would be out to the hackers, so too bad. It works like a WWII German cipher machine, only you don’t have to carry one around. It’s self-contained and comes with every computer.

