Pssst … What’s the Password?
Guess what the most commonly hacked password on Internet business systems is?
It’s "Password1."
Now, you might say to yourself: What kind of moron would pick a variation of the word “password” as their password, especially if the site contains valuable and sensitive information?
Take a look in the mirror. Want to know the most frequent password for legal websites? Right … it’s some variation of “lawyer” or “attorney,” just as medical websites see lots of “doctor” passwords.
There’s a simple reason for this. We choose passwords that seem glaringly obvious precisely because they are glaringly obvious. We want to be able to remember them easily. Anyone who has gone through the hassle of retrieving a forgotten password understands why this is desirable.
But these days it doesn’t require an especially sophisticated hacking system to cycle through trillions of password combinations in no time. And passwords with a linguistic connection to the site are more quickly broken.
Some simple password safety tips:
* Longer is better. A seven-character password has 70 trillion possible combinations; an eight-character password exceeds 6 quadrillion.
* Complexity is good. Use keyboard characters other than letters and numerals.
* Write it down. Pull out an old-school pad and pencil and record the password.
* Put it away safely. Make sure prying eyes can’t peek at passwords.
* Change it. Especially if you have reason to believe your privacy has been compromised.
* Consult an expert. Law firms are hiring in-house IT experts and using outside security consultants.
The password hackability study was conducted by security services firm Trustwave. Its "2012 Global Security Report" summarizes nearly two million network vulnerability scans.
By the way, the second most hackable password is “welcome.” Consider using some twist on “stay out!” instead.