Attention People of Earth: ‘Password’ is Not an Acceptable Password

The annual list of the most common passwords has just come out, and ‘password’ has been dethroned. It’s now No. 2 on the list, surpassed by the equally secure ‘123456.’ Can you hear me sighing here? Can you?

The list comes from SplashData, and they got a lot of their data this year from an Adobe security breach that resulted in thousands of passwords being posted online. Here’s the list:

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. Admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000

Now, listen, before you say anything: I know. I know it’s a pain in the you-know-where to come up with secure passwords. I know that some sites require six characters, some require eight, some make you use a number, some make you use a number and a capital letter, and so forth.

I also know that your company’s IT guy wants you to use a random 17-character string as a password, AND he makes you change it every 90 days. I used to manage that IT guy and regularly insist to him that my small company’s server wasn’t guarding the gold at Fort Knox.

But your password CAN and WILL be stolen. Security breaches are a regular part of the news these days. It’s a risk we take for convenience. Let’s try not to make it too easy for the thieves, shall we? There are ways to come up with a creative, secure password that you can still remember.

Here are my best tips for choosing a password:

1. DO decide where it’s really important. That’s right. I’m gonna tell you right here that I don’t think it’s super important to have a super secure password at every site. For example, I think it’s way more important to have a secure password for my online banking than it is to log in to my local newspaper’s site to comment on a story or to order a pizza online (provided you don’t store your credit card info with the pizza site). Basically it comes down to this: If getting this password can allow access to my money or some really important data, it’s important. If not, it’s not. So for those less important sites I have a couple of passwords I have been using for years that are less secure.

2. DO have a unique password for online bank accounts, credit accounts, etc. If someone discovers one of these and can steal money from you, you don’t want them to be able to get into the rest. So use a unique password for each of these.

3. DON’T use a single common word (secret, birthday, heart) or a name that others will know is associated with you, like a child or pet, even if you are going to add a number or two. Hackers get more sophisticated every year, and their technology can get past that.

4. DO use words that go together but aren’t necessarily a common phrase, and separate them with a number or a character, like summer$beach#swim or heart3rose7love. That will help you in remembering but be a character string that is harder to crack.

5. DO use a longer word or phrase and insert characters in the middle of it, like ini45%mitable or dea$#2dline. If you get into a pattern where you insert your character string at the same place (like here, after the third letter), that should help you remember.

The bottom line is that you can still choose passwords that you can remember by making it words, letters and characters that are meaningful to you, you just have to be a little more creative and do it. Do you have any password choosing tips to share?