I know I’m banging on about passwords again, but this is important people! If you check this story out, you’ll see that of the top 10 passwords used last year, 4 were 6 characters or less, and hardly any of the top 20 are new or different to previous years. The top password of 2016 was 123456.
I talked in a previous article about why passwords were important, and this recent list just goes to demonstrate that. Apart from anything else, the bad guys take lists like this and use the results as the first passwords they try when they try to get into systems. If you’ve got a machine checking these it will literally take a fraction of a second to break in.
I recently signed up to a new social media website, and was amazed when it told me my password couldn’t be more than 10 characters. That’s shockingly short, as I’ve mentioned before. It also wouldn’t let me choose a password with consectutive numbers (eg 1234), repeated numbers (eg 1111), consecutive letters (eg abcd) or letters that adjoin on a keyboard (eg qwerty). It’s a bit confusing isn’t it, that the site had a great set of controls to prevent me from using easily guessable passwords, but wouldn’t allow me to use a long password which is another good control.
Personally, I’d like to see software vendors putting more controls in place to stop easy / common passwords being set, but I guess there would be an outcry from some people (who just don’t seem to “get” the need for more robust measures).
A word of warning then, dear reader: check the list above, make sure your passwords aren’t on it, and make sure you’re secure.