Password Management: Tell me your password isn’t Password

Prior to working in the IT field, I never took password management seriously. Keep in mind, that was 10 years ago and it wasn’t as important then as it is these days. I heard about password security, but it wasn’t something I was really concerned about.

Once I got into the IT industry, I took an interest and read a lot of content online. One of the most intriguing recurring articles is the annual list of most common passwords. You would think, over time, people would realize the importance of using complex passwords. But NO, the list really doesn’t change from year to year. Certain applications enforce complexity requirements, so passwords in some instances have gotten longer. Instead of password “1234,” some are now forced to use “123456789” or “123456!A.” Many people just don’t understand how easy it is to “crack” simple passwords.

The list also shows our laziness. Many of us want to enter the quickest, easiest password and move on. When I first saw the annual list, the password “qwerty” caught my eye. I thought, what the heck is this? Then I looked at my keyboard and saw it was the first six characters! This is one of the many passwords on the list year after year. Not to mention “password” and “password1.”

Passphrase vs Password

Now that I am years into my IT career and present a lot of Cyber Security Training, I always suggest that the audience use a “passphrase.” A passphrase is simply a phrase used in place of a common word or stream of characters. A passphrase, by nature, is longer and more complex. It is also easier to remember compared to, say, your spouse’s name with a couple of special characters mixed in. An example of a passphrase is “I love 2 Bike!” This is easy to remember, and it includes capital letters, a number, and a special character. Depending on the application you are logging into, you can also use spaces to make the password longer and more complex.

In addition to avoiding common, simple passwords, never reuse the same password for multiple logins. This is very important. If a password is compromised and you use the same password in multiple places, you dramatically increase your risk. As hard as it is to manage multiple passwords, never use the same password!!! If you have a difficult time managing passwords, use a password manager application such as LastPass. Also, if you are not forced to change your passwords, get into the habit of changing them at least once a year. Passwords, whether they are for social media, shopping and banking sites, your favorite restaurant delivery service, or personal email accounts, should not fall into the “set it and forget it” category.

Top 20 Most Common Passwords

Here are the most common passwords according to SplashData, as given in Wikipedia’s List of the Most Common Passwords.

123456
123456789
qwerty
password
1234567
12345678
12345
iloveyou
111111
123123
abc123
qwerty123
1q2w3e4r
admin
qwertyuiop
654321
555555
lovely
7777777
Welcome
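
A sign-up or password-change form can screen new passwords against this list, including the "padded" variants mentioned earlier such as “password1” and “123456!A.” The following is an added example, not part of the original post; the function names and the `MIN_LENGTH` and `MAX_PADDING` thresholds are assumptions chosen for illustration.

```python
# Added example: screen a new password against the list above.
# MIN_LENGTH and MAX_PADDING are assumed values, not from the post.
COMMON = {
    "123456", "123456789", "qwerty", "password", "1234567", "12345678",
    "12345", "iloveyou", "111111", "123123", "abc123", "qwerty123",
    "1q2w3e4r", "admin", "qwertyuiop", "654321", "555555", "lovely",
    "7777777", "welcome",
}
# Keyboard rows; a slice of one, forwards or backwards, is a "walk".
WALKS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12   # assumption: minimum acceptable length
MAX_PADDING = 3   # assumption: trailing characters to look past


def is_walk(text):
    """True for keyboard walks ("qwerty", "654321") and repeats ("111111")."""
    if len(text) < 4:
        return False
    if len(set(text)) == 1:
        return True
    return any(text in row or text in row[::-1] for row in WALKS)


def check_password(password):
    """Return reasons to reject the password; an empty list means it passed."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    lowered = password.lower()
    # Compare the password as typed, then with up to MAX_PADDING trailing
    # characters removed, so "password1" and "123456!A" are still caught.
    for cut in range(MAX_PADDING + 1):
        core = lowered[:max(len(lowered) - cut, 0)]
        if core in COMMON:
            reasons.append("common password with padding" if cut else "common password")
            break
        if is_walk(core):
            reasons.append("keyboard walk or repeated character")
            break
    return reasons


if __name__ == "__main__":
    # Constructed samples: the post's own examples plus one keyboard walk.
    for sample in ("qwerty", "password1", "123456!A", "asdfghjkl",
                   "I love 2 Bike!", "Safety Net k33ps me safe!"):
        print(f"{sample!r}: {check_password(sample) or 'ok'}")
```

Both passphrases from this post pass the check, while every padded or keyboard-walk variant is rejected with a reason that can be shown to the user.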

6 Password Management Tips

Remember these valuable tips taken from previous Safety Net blogs:

• Never reuse passwords between sites
• Change passwords at least once a year
• Use a passphrase that is long but easy to remember. An example would be “Safety Net k33ps me safe!”
• Use a base passphrase and add a unique piece for each service or website
• Password managers like LastPass work across multiple devices and make it easy to securely manage multiple passwords
• Never share your passwords

Password management can be cumbersome, but it’s necessary. These simple tips can help keep your data and personal information safe and secure.