Password Security – And Simple Ways to Create Strong Ones

by Erin on January 25th, 2010 in Industry and Security News, Security Tips.

Passwords. They’re a critical way to stay secure online. But we just can’t seem to get them right. According to a new study by Imperva, which analyzed the 32 million real-world user passwords that were made publicly available when RockYou was breached:

  • 30% of users select passwords that are only 6 characters or fewer
  • 60% chose passwords from a ‘limited set of alpha-numeric characters’
  • 50% used names, slang words, dictionary words or other trivial passwords (consecutive digits, adjacent keys, etc.)

And, then - maybe the most telling - there was this key finding:

  • The most common password was found to be “123456”. The runners-up rounding out the top five choices: “12345”, “123456789”, “password”, and “iloveyou”.

What’s the lesson here? If any of these sound at all familiar, it’s time to update your passwords! Let’s start with the three basics of building a secure password – here’s what conventional wisdom from the security pros tells us:

  1. Passwords should be made up of at least 8 characters.
  2. Never simply use words that are found in a dictionary. Instead, mix special characters, upper and lower case letters, and numbers to create complex passwords in a way that's memorable to you.
  3. When selecting numbers, don't choose figures that may be personally identifiable to you; your birthday, Social Security number and phone number are off limits.

Now, how do you create your password, following the above tips, and find a way to commit it to memory? One of the members of our team here at Lavasoft offered this great piece of advice –

“My favorite password tip is to create phrases with years in them and then take the first letter in each word. For instance, ‘USA beat Russia to the moon in 1969’ would be ‘UbRttmi1969’. If you create the phrases yourself (with personal wording), this is fairly unbeatable by brute force or dictionary attacks - you usually get more than 8 characters with mixed casing and numbers and it is still pretty easy to remember.”
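An added example (not from the original article or from Lavasoft): a small Python checker for the three rules listed above, plus the first-letter phrase technique from the quote. The function names, the sample dictionary and the three-character-class threshold are assumptions of this example.

```python
import re

# Top five passwords from the Imperva/RockYou findings quoted in this article.
TOP_FIVE = {"123456", "12345", "123456789", "password", "iloveyou"}
# Constructed stand-in for a real dictionary file (assumption, not from the article).
SAMPLE_WORDS = {"monkey", "dragon", "sunshine", "princess"}
# Keyboard rows, used to spot consecutive digits and adjacent-key runs.
ROWS = ("1234567890", "0123456789", "qwertyuiop", "asdfghjkl", "zxcvbnm")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def phrase_to_password(phrase):
    """First character of each word; all-digit words (years) are kept whole."""
    return "".join(w if w.isdigit() else w[0] for w in phrase.split())


def is_key_run(pw):
    """True if the whole password is one run along a keyboard row, either direction."""
    low = pw.lower()
    return len(low) >= 3 and any(low in row or low in row[::-1] for row in ROWS)


def check_password(pw, personal_numbers=()):
    """Return the rules from the article that pw breaks; an empty list means none."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.lower() in TOP_FIVE | SAMPLE_WORDS:
        problems.append("common or dictionary word")
    if is_key_run(pw):
        problems.append("consecutive digits or adjacent keys")
    # Threshold of 3 classes is this example's assumption; the article gives no number.
    if sum(bool(re.search(c, pw)) for c in CLASSES) < 3:
        problems.append("fewer than 3 character classes")
    digits = re.sub(r"\D", "", pw)
    for number in personal_numbers:
        wanted = re.sub(r"\D", "", number)
        if wanted and wanted in digits:
            problems.append("contains a personal number")
            break
    return problems


if __name__ == "__main__":
    derived = phrase_to_password("USA beat Russia to the moon in 1969")
    for candidate in (derived, "123456", "iloveyou"):
        print(candidate, check_password(candidate))
    # Same password, but 1969 is the user's birth year (constructed case).
    print(derived, check_password(derived, personal_numbers=["1969"]))
```

An empty result only means the candidate breaks none of these rules; it is not a measurement of strength. The last call shows rule 3 in action: the same derived password is flagged once the year in the phrase is one of the user's own numbers.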

For those looking for further password tips, LifeHacker has an interesting (and slightly more technical) write-up.

Oh, and one more helpful hint to set you on the path toward password security: once you’ve created your solid and secure password, keep it safe – and that means no giving it away, not even for any sweet treats! According to a poll reported via The Local, many of those surveyed from Lavasoft’s corner of the world (Sweden) had no qualms about exchanging their passwords for no less than a chunk of chocolate!