SplashData, a security application organization, released its list of the top 100 easiest-to-guess passwords of 2018, based on its assessment of more than five million leaked passwords that have been shared on the Internet.
SplashData's top 15 easiest-to-guess passwords were:
According to SplashData, many individuals continue to use these and other weak passwords, even though they know better. "Worst password of 2018? Survey says '123456'" chicago.suntimes.com (Dec. 15, 2018).
Commentary and Checklist
Creating strong passwords and requiring your staff to do the same is the best way to keep your family's data and privacy safe.
It is not enough to teach your staff why strong passwords are important. Surveys show that most people know this but continue to use weak passwords because they are easier. By teaching staff both why and how to create strong passwords that are also easy to remember, you give them the tools they need to keep your data secure.
Train all members of your staff to use unique, strong passwords on all workplace devices and accounts. If they think they will have a hard time remembering a unique password for each account, encourage them to use a good password manager. This software can generate strong passwords of the desired length.
Another option is to use a passphrase. Pick a series of totally random words, such as "banana Tom while mud". The phrase must be totally nonsensical, and it is best if it is at least 12 words long. Although each word is a common dictionary word, the words make no sense when strung together as a phrase. You can add special characters to increase the difficulty further.
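The following is an added example, not part of the original article: it draws the passphrase words from a cryptographic random source instead of picking them by hand, and estimates the resulting strength. The word list, function names and the 80-bit target are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list for illustration only. A real list should hold
# thousands of words so that each word contributes more entropy.
WORDS = [
    "banana", "mud", "while", "orbit", "candle", "river", "tunnel", "pepper",
    "glove", "window", "marble", "anchor", "cactus", "violin", "ladder", "frost",
]


def generate_passphrase(num_words=12, words=WORDS, separator=" "):
    """Pick num_words words uniformly at random using the OS CSPRNG."""
    if num_words < 1:
        raise ValueError("num_words must be at least 1")
    if len(words) < 2 or len(set(words)) != len(words):
        raise ValueError("word list needs at least 2 distinct words")
    # secrets.choice is unpredictable; random.choice is not meant for secrets.
    return separator.join(secrets.choice(words) for _ in range(num_words))


def entropy_bits(num_words, list_size):
    """Entropy in bits when every word is an independent uniform draw."""
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print("passphrase:", generate_passphrase())
    print("bits with this 16-word list:", entropy_bits(12, len(WORDS)))
    # The same 12 words drawn from a 7,776-word list are far stronger.
    print("bits with a 7,776-word list:", round(entropy_bits(12, 7776), 1))
    print("words for 80 bits (16-word list):", words_needed(80, len(WORDS)))
```

The strength comes from the size of the list and the number of random draws, not from the words looking unusual, so words a person chooses by hand should be assumed to carry less entropy than this estimate.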
Once tough-to-crack passwords are created, it becomes important to protect them. Never reveal a password in response to an email or other insecure form of communication. Always check that a website is encrypted before entering a username and password. Don't share passwords with another person, even with a coworker.
Here are some additional tricks cybercriminals use to obtain passwords:
- Using software to randomly guess combinations of words until it cracks passwords that contain words found in the dictionary.
- Infecting your computer with viruses or worms that can record your keystrokes in order to find out your passwords.
- Using phishing emails to trick you into revealing your passwords.
- Hacking into a wireless network to intercept communications sent over it, including passwords.
- Creating fake websites to trick you into entering your usernames and passwords.