Weak passwords: How is this still a thing?By Dale Meredith
The Hacking Team and Sony, both victims of high-profile hacks, were using passwords like “HTPassw0rd,” “wolverine,” “Fuzzing1.!,” Passw0rd and many other easily guessed phrases. In fact, Sony had one document stored on their servers called–are you ready?–“Logins and passwords.xls.”
It kills me every time we see security breaches caused by this simple-to-fix concept. I think it truly comes down to outright laziness. We’ve become a society that thinks “no one will want to hack me” or “that will never happen to me.” Or, my personal favorite, “I don’t want to have to remember a long password because it’s such a hassle.” Really?
Let’s do a little “SuperDale the Psychic” test here. Let me see if I can start to guess your password:
1) Password (or maybe you’ve used an “4” as an “a”)
a. P4ssword (oh wait, I just pwned The Hacking Team’s admin password)
6) Your child, pet or partner’s name followed with 0 or 1
a. Dale, how would you ever get these? A: Something I like to call Facebook (we share WAY too much)
7) Your birthday (I’ll also try using your child’s, parents’, grandparents’)
8) Your favorite sports team, city, school or musical group
10) Last 4 digits of your social security number (I’ll also try adding those numbers to the end of any of the pervious guesses)
From this list alone I probably just nailed 20 precent of you. And if I didn’t get you, it would probably only take me a few more minutes if you have a weak password. How many of you use the same passwords for multiple sites and services? Is your Citibank password the same as your Pinterest login?
Listen, I get it. Trying to come up with a password that is “strong” and then remembering it (without writing it down on a sticky note and taping that to the underside of your keyboard, laptop or phone) can be a struggle.
In the video below, I’ll show you how to create a password that is difficult to crack, yet still easy to remember. When it gets down to the nitty gritty, the issue is always in the length of the password and making sure it isn’t a real word. I don’t care if your password is in Spanish, English, French or even Klingon. I’ve got a dictionary file for any and all possible “real” words regardless of the language. Also, please don’t think you can trick me by replacing and “a” with a “@” or a “s” or an “$”. They might slow me down, but they won’t stop me.
So do yourself a favor. Spend 10 minutes and watch the clip below to save yourself from becoming the “weakest” link.
About the Author
Dale Meredith is a high-demand contract Microsoft Certified Trainer and project consultant. Along with his 17 years of experience as an MCT, Dale also has an additional 7 years of senior IT Management experience. Dale worked as a CTO for a popular ISP provider and a Senior Manager for a national hardware supplier. His technology specialties include Active Directory, Exchange, Server, IIS, PowerShell, SharePoint, System Center/Desktop Deployment, and Private Cloud. Dale's wide network of IT contacts stay connected through his popular blog site at www.dalemeredith.com.