The time has come for a little heart-to-heart about your passwords and security. We have all lived the story. You’re in a hurry, yet another online platform is asking you for a password, and so you tap something in, promising yourself to update it with something better later. What did you pick? password1? password123? qwerty2020?
To make all of us feel just a little worse about what we’ve tapped into keyboards before – here are the top 10 worst passwords from 2019.
Is yours here? (I’m not telling you if mine is…)
The Top 10 Worst Passwords of 2019
If your password isn’t listed here in the top 10, don’t pat yourself on the back too soon…
Why keep hackers out?
We know we’re meant to be protective of our information online, but do you know why? What can be done with your information or access to your online platforms? Here’s just a sample: ransomware attack, identity theft, credit card fraud, redirecting your business website to a spam site, phishing attack, extortion, selling your personal data to third parties, email spoofing, and more.
“It won’t happen to me!”
Have you ever had a friend apologise for their Facebook account being hacked? That’s down to either a weak password or a duplicate password that was also used on a different website whose data has been compromised.
Have you ever had your email account used to send out spam without your knowledge? Either a weak password or a duplicate that was discovered during a data breach on a different website is usually the culprit.
What does a hacker do when they have “found” or purchased a list of usernames and passwords on the dark web (yes, it is getting a bit dramatic now)? Armed with this happy combination, they head over to a range of well-known websites (e.g. any social media, Paypal, Gmail, Yahoo, banks, etc.) and try to get in. Why? To get access to emails, steal identity-related information, steal email addresses from contact lists, look for more passwords contained in emails, plant viruses, send virus attachments in emails to others from your account, and pretend to be you on social media to see who else they can rope in. Any private, personal information is at risk. And your $s too. These identity-theft criminals use this information to run scams.
Depending on the hack, this could derail your professional life, your private life, or both.
Comedian Michael McIntyre Trying to Remember His Password
Answer these 5 questions to see if your password is truly terrible.
1. Is your password longer than 8 characters?
The fewer characters used, the faster it is for hackers to crack your password and get into your platforms to take advantage of you. Hackers are not leisurely tapping random letter/number combinations and dogs’ names into a keyboard, hoping they get into your email. They’re using computer programs to run through every possible combination of letters, numbers, and characters in seconds – far more than they could ever do manually.
A short password makes light work for hacking software. Besides, if a password is shorter than 8 characters, it’s more likely to be something super hackable like kitty1 than it is d9i#6H, right? Even lighter work for the software!
The remedy: Make your password longer than 8 characters. Be generous.
2. Is your password something easily discoverable about you?
Personal information about you is remarkably easy to get a hold of, especially when you have innocently shared it in public on social media. Pics of your birthday cake or anniversary date, your child’s birthdate, your suburb, school, your mum’s maiden name, etc. – it’s all easily available. Even if you’re sure you’ve steered clear of sharing your birthdate online, there are only 365 days and 12 months in a year. If you add the last 100 years for your year of birth – that is not many potential combinations. Imagine how quickly a computer program could rocket through those number sequences.
Hot tip: Also avoid your business name, a play on words from your business name, your business address, part of your phone number, etc. This is still too close to home!
The remedy: Use random letters, numbers, and symbols.
3. Is your password letters only?
Thankfully, these days most websites force you to include more than letters alone in your password, but there are still some holdouts. Let’s take this further. Are there full words in your passwords, even if there are numbers and symbols too? There are approximately 170,000 words in the English language, and that’s a quick crack for a hacker’s brute force software. Remember: If it’s in the dictionary, it’s easily cracked.
The remedy: Use random symbols, letters, and numbers in your passwords.
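The arithmetic behind questions 1 to 3, as an added example (not part of the original article): it counts how many candidates a guessing program must cover under each of the three approaches described above and reports the smallest. The function names, the tiny `SAMPLE_WORDS` list, the DDMMYYYY date layout and the sample date are assumptions made for illustration; 170,000 words and 365 days over 100 years are the article's own figures.

```python
import string
from datetime import date

DICTIONARY_WORDS = 170_000   # the article's approximate English word count
BIRTHDATES = 365 * 100       # the article's figure: each day of the last 100 years
SAMPLE_WORDS = {"kitty", "password"}  # constructed stand-in for a real word list

def brute_force_space(password):
    """Candidates an exhaustive search covers for this length and character mix."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return alphabet ** len(password)

def dictionary_space(password, words=SAMPLE_WORDS):
    """Dictionary word plus trailing digits: words x 10^digits, else None."""
    stem = password.rstrip(string.digits)
    if stem.lower() not in words:
        return None
    return DICTIONARY_WORDS * 10 ** (len(password) - len(stem))

def birthdate_space(password, this_year=2020):
    """A valid DDMMYYYY date in the last 100 years: 36,500 candidates, else None."""
    if len(password) != 8:
        return None
    try:
        day, month, year = int(password[:2]), int(password[2:4]), int(password[4:])
        date(year, month, day)  # rejects impossible dates such as 31 February
    except ValueError:
        return None
    return BIRTHDATES if this_year - 100 < year <= this_year else None

def weakest_guess_space(password):
    """Smallest candidate count among the models that would reach this password."""
    models = {
        "brute force": brute_force_space(password),
        "dictionary word": dictionary_space(password),
        "birthdate": birthdate_space(password),
    }
    name = min((m for m in models if models[m] is not None), key=models.get)
    return name, models[name]

if __name__ == "__main__":
    for pw in ("kitty1", "d9i#6H", "14031985"):  # the last one is a constructed date
        model, space = weakest_guess_space(pw)
        print(f"{pw!r}: {space:,} candidates via {model}")
```

Both six-character passwords from question 1 go through the same function, and the gap between them comes entirely from whether a word list or a date range reaches the password before exhaustive search has to.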
4. Are you using the same password for multiple sites?
This trips up a lot of people! Even if you have a strong password, if you use it on multiple websites, you’re at risk!
Every few months, news sites report a data breach on some popular website, utility provider, or even a government department, and email addresses are leaked. At first, it sounds innocuous: my email address is no secret, surely. But here’s the scenario:
- Hacking software cracks your password for Twitter (qwerty1, nice!)
- Using the same email address, the hacking software now has access to your Facebook too.
- You didn’t use qwerty1 on your Gmail too, did you? Oh.
- What about your Amazon or Paypal account? How many saved credit cards do you have there?
You can see how this can snowball across a lot of platforms. What other platforms have you used that password on? More online shopping, government websites, online banking?
Armed with your go-to password, hackers are set to wreak havoc on your online and offline life.
The remedy: Use a unique and strong password for each platform.
5. Do you change your password regularly?
Unless the website you’re a user on forces you to change your password now and then, a lot of us keep passwords for a very long time. I have been guilty of this myself (shhhh!). Again, even if you have a great password, if you’ve had it for 7 years(!), you’re leaving yourself vulnerable to a hack. Time for a change. The more sensitive or valuable the data is, the more frequently you should change the password.
The remedy: Change your password regularly.
What’s the solution? How do you do passwords right?
You might be thinking, how are you supposed to memorise all of this: unique passwords with random letters/numbers/symbols, that you have to reset regularly?
Use a password manager
There are plenty to choose from, often free or with pro levels for extra features, e.g. LastPass, Keeper, Google Password Manager, 1Password, etc. You have one master password (ironically), or you can set up multi-factor authentication, to unlock your passwords on your device. Your stored passwords are encrypted and synchronised across devices, so it will be as easy to log in on your laptop as on your mobile phone.
Here are other reasons to use password managers:
- Auto filling of username and password makes it even easier than typing your password each time.
- It will generate a suggested password each time you need a new password. You can select the number of characters (the more the better, remember?), what types of characters, etc, then it will save it straight into your manager.
- Sharing safely is easy. I only need to do it occasionally, but when I do, I know it’s not good to paste passwords into a text message or email. Password managers allow you to safely share an encrypted copy of your password.
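What the "generate a suggested password" feature boils down to, as an added example (not code from the article or from any of the password managers named above): you choose the length and the kinds of characters, and each site gets its own independent password, as remedy 4 asks. The function names, the `kinds` labels and the site names are assumptions made for illustration.

```python
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def generate_password(length=20, kinds=("lower", "upper", "digits", "symbols")):
    """Random password of `length` characters with at least one of each chosen kind."""
    pools = [CLASSES[k] for k in kinds]  # raises KeyError on an unknown kind
    if not pools:
        raise ValueError("choose at least one kind of character")
    if length < len(pools):
        raise ValueError("length is too short to include every chosen kind")
    alphabet = "".join(pools)
    while True:
        # secrets draws from the operating system's CSPRNG; the random module
        # is predictable and must not be used for passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw the whole password instead of patching characters in, so every
        # valid password stays equally likely.
        if all(any(ch in pool for ch in candidate) for pool in pools):
            return candidate

def passwords_for(sites, length=20):
    """One independent password per site, so a breach of one exposes no other."""
    return {site: generate_password(length) for site in sites}

if __name__ == "__main__":
    # Constructed site names; a real manager would encrypt and store the result.
    for site, pw in passwords_for(["example-shop", "example-mail"]).items():
        print(f"{site}: {pw}")
```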
Hackers find ever more devious ways to access our data, and with the powerful tools available to them, it can be difficult to stay ahead of that curve. It is not possible to completely eradicate the risk of getting hacked, but you can reduce the risks by following the advice and remaining vigilant about your passwords.