Perhaps one of your New Year’s resolutions should be to beef up your passwords. Apparently the human brain struggles to come up with passwords that are easy for people to remember and hard for computers to figure out.
In fact, guessing the worst computer password of 2017 is as easy as 123456. Roughly 150,000 unimaginative Americans made the simple six-digit password their key to unlocking their computer or cellphone — which would make it very easy for hackers to guess.
Top 10 Dumbest Passwords
Also making the Top 10 dumbest passwords this year are “Password,” “12345678,” “qwerty” and — perhaps the favorite of those with limited recall — “12345,” according to SplashData, a California tech company.
Those with just a little imagination picked a password from pop culture, the company revealed. As “Star Wars: The Last Jedi” takes cinemas by storm, “starwars” became No. 16 on the company’s Top 100 worst passwords of 2017.
Pop Culture Passwords
“Unfortunately, while the newest episode may be a fantastic addition to the ‘Star Wars’ franchise, ‘starwars’ is a dangerous password to use,” said Morgan Slain, CEO of SplashData, which compiled the list from the millions of passwords stolen in huge cyberattacks and then released publicly.
“Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words,” Slain said.
Other notable bad passwords include “letmein” (No. 7), “login” (No. 14) and “trustno1” (No. 25). On the raunchier side of things, “a–hole” made the list at No. 34, and “f–kyou” was at No. 52.
Human Memorization Limits
The National Institute of Standards and Technology (NIST) notes that we tend to come up with characters that are easily guessed because humans have only a limited ability to memorize complicated strings of characters.
In response, online services often force users to adopt increasingly complex and hard-to-remember passwords. This, however, has not greatly reduced hacking numbers. In other words, previous guidelines have resulted in passwords that are harder for humans to remember while making them no more difficult for computers to guess.
In May, NIST released new guidelines calling for the elimination of special character requirements, and urged online services to allow for longer passwords that can include spaces. Strings of random words are easier for humans to remember, and harder for computers to guess.
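A password check in the spirit of the guidelines described above, added here as an example and not taken from NIST or SplashData: it applies no special-character rules, accepts spaces and long passphrases, and rejects the common passwords this article names. The length limits and the function names are assumptions.

```python
import unicodedata

# Blocklist constructed only from the passwords this article names; a real
# deployment would load a full list of breached passwords instead.
BLOCKLIST = {"123456", "password", "12345678", "qwerty", "12345",
             "starwars", "letmein", "login", "trustno1"}

MIN_LENGTH = 8    # assumption: minimum length, not stated in the article
MAX_LENGTH = 64   # assumption: upper bound generous enough for passphrases


def normalize(password: str) -> str:
    """Fold case and Unicode form so 'Password' matches 'password'."""
    return unicodedata.normalize("NFKC", password).casefold()


def check_password(password: str) -> list:
    """Return the reasons to reject; an empty list means accepted.

    No character-class rules are applied, and spaces count as
    ordinary characters.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(password) > MAX_LENGTH:
        problems.append("too long")
    folded = normalize(password)
    # Compare with and without spaces so "Star Wars" is caught too.
    if folded in BLOCKLIST or folded.replace(" ", "") in BLOCKLIST:
        problems.append("commonly used password")
    return problems
```

A passphrase of several unrelated words passes without any digits or symbols, while "Password" is rejected even though it meets the length limit.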
"Strong passwords don't help as much anymore because the threats have changed. Phishing attacks and other forms of social engineering trick users into revealing their passwords. Spyware in web browsers and keystroke loggers provide attackers with all the keystrokes someone makes, including passwords," explains computer scientist Karen Scarfone. Scarfone is co-author of new guidelines for agency-wide password management issued for public comment by the National Institute of Standards and Technology (NIST).
Using effective password management as described in the guide will reduce the likelihood and impact of password compromises, she explained. The guide recommends that users be educated about threats against passwords and how they should respond. The publication also suggests that for some applications with high security needs, password-based authentication should be replaced with, or supplemented by, stronger forms of authentication such as biometrics or personal identity verification (PIV) cards.
The initial public draft of the guide is SP 800-118, Guide to Enterprise Password Management.
Dean and Draper
We wish you a very Happy New Year. When you are looking for information on personal or business insurance we invite you to contact us. We welcome your questions and are here to assist you in making good insurance decisions.
Dean & Draper is a Trusted Choice insurance agency representing over 200 insurance companies. For over 35 years we have offered a trusted freedom of choice to our clients.
©2018 Dean & Draper Insurance Agency All Rights Reserved.