Surprising Facts About Passwords

In this day and age, almost all of your sensitive information is kept online, which means that we rely heavily on passwords for protection. When you choose a password, what’s your strategy? Long random strings of numbers and letters? Or do you choose something familiar to you and use the same password over and over for convenience?

Lifehacker has released an article laying out exactly which password strategies are the most effective and why, along with a surprising warning. I have to admit, this is the first time I’ve considered that complex password constraints (like requiring mixed case, numbers, and special characters) could actually make things easier for potential hackers. Shocking!

What are your thoughts and comments? I want to hear your feedback before I change all my passwords to be more secure!

3 Likes

I would take multiple items or words that I really like and I would replace the E with 3 and replace numbers with the others. It’ll eventually look like a mess but I still remember everything and no one in my family has yet to figure out my password.

1 Like

I have a couple pwords that I use for most things and one special pword for that special occasion!

I hate tho, those constraints where you have to add a special character… @#. etc. When I get those, I ALWAYS end up requesting a new password, as I don’t remember them.

I think using something known to you is fine, so long as not too obvious, like a pet’s name, DOB, driver’s licence number, or social number, or even a dictionary word (a word in most dictionaries, that a dictionary hack would crack in a couple mins).

1 Like

Having worked in IT now for 15+ years I still find it comical how many users still try and use their first name (or even Password) as their password :open_mouth: Pretty much since websites and the like started supporting longer complex passwords, I’ve always used 12 character plus alphanumeric password combinations with symbols…might not be hacker proof but will certainly slow them down if two factor authentication is not available also :imp:

3 Likes

I tend to use pass phrases, with a mixture of all 4 varieties. I rarely re-use passwords and if I do, they are only for non-financial sites.

Spaces in passwords help, where supported (I’m looking at you PayPal), and if you use a mixture of languages too - that would add another layer of complexity.

2FA is great where available, not that widespread yet though.

You’re never going to stop a full brute force attack though. Any Windows networks I look after always, and I mean always, have account lockout after a certain number of attempts.

If I had my way, you would have to fill in a form listing all your kids’ and pets’ names first, then you could never use those words in a password!!

25+ years in IT and it still surprises me how many passwords you will see written down, and people are way too willing to give you their password.

2 Likes

Nobody brute forces anymore. Especially online passwords.

1 Like

Length is the most important factor in password creation these days.
Brute force and known word lists mean passwords less than 8 characters in length are pretty straightforward to hack these days. 12+ is now the recommendation for things that need to be secure, but ideally longer.

If you have problems remembering passwords for many accounts, use a password manager.
I recommend LastPass or KeePass; however, there are many out there.

1 Like

Pretty sure that all the leaked and lost passwords were due to a relative use like abc123 is apparently a common password, so pure brute force is not used but dictionary attacks are used instead (common passwords stored and then tried).

Regularly clearing internet cache/info/cookies will definitely help keep yourself protected, as then it won’t autofill.

Obvs not using autofill is even better.

Making sure your email pword is great, is good protection too, as most of the time, a pword reset is via an email link. So if email is safe, they can’t use… Lost password, to attempt a steal.

My email has a good 15 digit protection.

My phone is 5 digit code instead of 4 or iris. Plus my SIM has a code too, in case you try that. That’s on top of me getting access to control page to block, track, photo, GPS my phone, should they get past the initial blocks.

I have two-factor authentication turned on everywhere it’s available. Not the SMS one - those can also be hacked, and are not that great if you are outside your cover area and have to connect to some service in a new computer - but the rolling codes one. Nothing is 100% secure, but having this second layer of security is essential nowadays.

3 Likes
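
Several points raised across the thread (length over forced complexity, look-alike substitutions such as E to 3, common passwords like abc123, pet and family names) can be combined into a defender-side screening check run when a password is set. The Python below is an added example, not from any poster or from the Lifehacker article; the blocklist, substitution table, and function names are constructed for illustration.

```python
import math
import string

MIN_LENGTH = 12  # the "12+" figure quoted in the thread
# Constructed sample blocklist; a real check would load a large leaked-password list.
COMMON = {"password", "abc123", "123456", "qwerty", "letmein"}
# Undo the usual look-alike substitutions (E -> 3 and friends) before comparing.
LEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a",
                      "@": "a", "$": "s", "5": "s", "7": "t"})


def normalize(text):
    """Lower-case the text and reverse simple character substitutions."""
    return text.lower().translate(LEET)


COMMON_NORM = {normalize(word) for word in COMMON}


def brute_force_bits(password):
    """Rough exhaustive-search cost in bits: length * log2(alphabet size)."""
    pool = 0
    pool += 26 if any(c.islower() for c in password) else 0
    pool += 26 if any(c.isupper() for c in password) else 0
    pool += 10 if any(c.isdigit() for c in password) else 0
    pool += 33 if any(not c.isalnum() for c in password) else 0  # symbols + space
    return len(password) * math.log2(pool) if pool else 0.0


def check_password(password, personal_words=()):
    """Return the reasons to reject a candidate; an empty list means accept."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    full = normalize(password)
    # Also test the password with a trailing run of digits/symbols removed,
    # which catches "common word + 2024!" style padding.
    core = normalize(password.rstrip(string.digits + string.punctuation))
    if full in COMMON_NORM or core in COMMON_NORM:
        problems.append("common password")
    if any(len(w) >= 3 and normalize(w) in full for w in personal_words):
        problems.append("contains personal word")
    return problems


if __name__ == "__main__":
    for candidate in ("Password", "P@ssw0rd!2024", "purple kettle sings at noon"):
        print(repr(candidate), check_password(candidate), round(brute_force_bits(candidate), 1))
```

The bit estimate only bounds exhaustive search; the blocklist and personal-word checks cover the dictionary-style guessing that the estimate does not account for.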