Seriously, It’s Time for A Better Password Strategy!

Every year the list of the most used passwords is published, and every single year it reinforces the fact that users need a better password strategy! As companies shore up their privacy policies, the responsibility for making your password at least difficult to guess lies squarely with you, the user. Organizations must of course enforce password strategies and the associated policies for length and complexity, and there is plenty of blame to go around there, but as someone who has crafted password strategies and policies that failed, I can tell you it almost always comes down to user resistance.


First, a little snapshot of the 10 most used passwords in 2018 from our friends at LastPass:

[Image: the 10 most used passwords of 2018, from LastPass]

Bad Password Strategy #1

First, if you are using any of these, stop reading and go change them now, because if I were a hacker these are the passwords I'd try first. Now to the heart of this failed password strategy: do not use words that would typically be found in a dictionary, consecutive numbers, or letters that sit next to each other on the keyboard. Attackers typically load all of the common passwords and dictionary words into a program and run it against your account until one of them works.

Bad Password Strategy #2

Do not use the same password across multiple sites. You may not know it yet, but if you had a Yahoo email account (3 billion Yahoo account passwords were stolen!) and you followed this practice, then the bad guy already has access to every single account on which you used that same password.

Bad Password Strategy #3

Do not write your password down in an easily accessible place (for example, a Post-it note on your monitor), and do not share your password with anyone.


Bad Password Strategy #4

Do not use passwords that include the names of loved ones or information that is easily found on social media. Phishing has proven to be an effective way to break these kinds of passwords.

Bad Password Strategy #5

Do not set a password and then forget about ever changing it. Most companies enforce good password expiration policies, but you need to change the passwords for your personal accounts yourself. On a related note, don't think that simply adding a number to the end of your old password counts as changing it.

Bad Password Strategy #6

Do not use just letters or just numbers in your passwords.
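The rules above (no dictionary or top-list words, no consecutive or keyboard-adjacent characters, no "old password plus a digit" rotations, and more than one character class) are exactly what a password-policy checker on the server side should enforce. The following is an added example written for this article, not code from the original post or from LastPass; the `COMMON_PASSWORDS` set is a small constructed sample standing in for a real breached-password list, and the minimum length and character-class thresholds are assumptions, not figures from the page.

```python
import string

# Constructed sample standing in for a real common-password list (the page's
# LastPass screenshot is an image, so these entries are illustrative only).
COMMON_PASSWORDS = {
    "123456", "password", "123456789", "12345678", "qwerty",
    "111111", "abc123", "iloveyou", "letmein", "welcome",
}

# Keyboard rows used to detect "letters that sit next to each other".
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def has_sequential_run(s, length=4):
    """True if s contains `length` consecutive ascending or descending
    letters or digits (e.g. 'abcd', '4321')."""
    s = s.lower()
    for i in range(len(s) - length + 1):
        chunk = s[i:i + length]
        if not (chunk.isdigit() or chunk.isalpha()):
            continue
        deltas = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if deltas == {1} or deltas == {-1}:
            return True
    return False


def has_keyboard_run(s, length=4):
    """True if s contains `length` adjacent keys from one keyboard row,
    in either direction (e.g. 'qwer', 'lkjh')."""
    s = s.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - length + 1):
            frag = row[i:i + length]
            if frag in s or frag[::-1] in s:
                return True
    return False


def strip_trailing_digits(s):
    """'Summer2019' -> 'Summer', so rotations by suffix are comparable."""
    return s.rstrip(string.digits)


def check_password(candidate, previous=None, min_length=12):
    """Return the list of policy violations; an empty list means accepted.
    `min_length` = 12 and the three-class requirement are assumed thresholds."""
    problems = []
    lower = candidate.lower()

    if len(candidate) < min_length:
        problems.append(f"shorter than {min_length} characters")

    # Catch 'password' as well as 'password1' style variants.
    if lower in COMMON_PASSWORDS or strip_trailing_digits(lower) in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    if has_sequential_run(candidate):
        problems.append("contains a run of consecutive letters or digits")

    if has_keyboard_run(candidate):
        problems.append("contains a keyboard-adjacent run")

    classes = [
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")

    # Reject 'changes' that only bump a trailing number.
    if previous is not None:
        if lower == previous.lower():
            problems.append("identical to the previous password")
        elif strip_trailing_digits(lower) == strip_trailing_digits(previous.lower()):
            problems.append("differs from the previous password only in trailing digits")

    return problems


if __name__ == "__main__":
    for cand, prev in (("123456", None), ("Summer2019", "Summer2018"),
                       ("Correct-Horse-Battery9", None)):
        print(cand, "->", check_password(cand, previous=prev) or "accepted")
```

The checker runs on a rotation attempt as well as on a first-time password: passing `previous` lets it refuse the "Summer2018 to Summer2019" pattern the article warns about. In production the constructed `COMMON_PASSWORDS` set would be replaced by a hashed lookup against a full breached-password corpus.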

At this point most of you are about to throw your arms up in the air: so what do we do to protect our valuable online assets from hackers?