Security breaches seem to be more and more of a common occurrence over the past few years. While some of these breaches are out of our control, there are things you can do to minimize the chances of this happening to you. SplashData, a password maintenance company out of California, recently announced the Worst passwords of 2013. While there are several new additions to this annual list, a majority of these have not only been catalogued each year, but actually moved UP in frequency. This is a strong indication that consumers are not taking these security breaches seriously, assuming that nothing will happen to them.
Let's take a look at 2013's list, along with each entry's change in rank from 2012.
- 123456 (Up 1)
- password (Down 1)
- 12345678 (Unchanged)
- qwerty (Up 1)
- abc123 (Down 1)
- 123456789 (New)
- 111111 (Up 2)
- 1234567 (Up 5)
- iloveyou (Up 2)
- adobe123 (New)
- 123123 (Up 5)
- admin (New)
- 1234567890 (New)
- letmein (Down 7)
- photoshop (New)
- 1234 (New)
- monkey (Down 11)
- shadow (Unchanged)
- sunshine (Down 5)
- 12345 (New)
- password1 (Up 4)
- princess (New)
- azerty (New)
- trustno1 (Down 12)
- 000000 (New)
Are any of your passwords on this list? If so, change them immediately, avoiding the words on this list at all costs.
Interestingly, we're seeing an increase in the usage of passwords that are Adobe-themed, as well as varying combinations of numbers. Morgan Slain, CEO of SplashData, says "Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing."
So just what can you do to ensure your passwords are secure? Let's take a look at a few suggestions for creating safer passwords:
- Create passwords that are at least eight characters in length, including a mixture of character types. Commonly used substitutions such as "trustno1" can still be vulnerable, however, while random character combinations such as "7%#&9Tk" can be too difficult to remember. SplashData recommends using passphrases: short words with spaces or other characters separating them. Use random words such as "cakes candles years" or "smiles-rainbow-skip" to make your password harder for attackers to guess.
- By now, most of you have probably heard about the Heartbleed breach. While iOffice was not affected by this breach, we do recommend changing your password for all of your online sites, just to be safe, particularly if you use the same password for multiple sites. When setting up your new passwords, try to avoid using the same username and password combination for more than one website. You are particularly vulnerable when using the same password for your entertainment sites as you do for email, social networks and financial services. Use a different password for each new site you sign up for.
- If you have more than a few sites that require a password, remembering them all will be next to impossible. Try using a password manager application such as LastPass or SplashID Safe, which hold all your passwords and require an encrypted password to access. 10 Top Password Managers can help you determine which option is best for you, based on a variety of factors.
iOFFICE takes your information's safety very seriously. In addition to the above recommendations, we have a few more suggestions for ensuring your passwords are safe and secure. These are standard requirements when creating a password in our software platform:
- Do not include your account name or display/full name in your password. When creating your password, our system verifies your account name is not used, unless it is less than three characters long.
- If your display name includes delimiters such as commas, periods, dashes or hyphens, underscores, spaces, pound signs, or tabs, it is split at those delimiters into tokens. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password. iOffice's system checks to ensure these rules are followed.
- Your password should contain characters from three of the following categories:
  - Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
  - Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
  - Base 10 digits (0 through 9)
  - Non-alphanumeric characters (special characters) (for example, !, $, #, %)
  - Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages.
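The rules above can be expressed as a short validator. This is an added example, not iOffice's own code: the function names are hypothetical, matching is assumed to be case-insensitive, display-name tokens shorter than three characters are assumed to be skipped (as the "Erin M. Hagens" example implies), and the deny list drawn from the 2013 list is an extra check added here.

```python
import re
import unicodedata

# Delimiters the page lists for display names: comma, period, dash/hyphen,
# underscore, space, pound sign, tab.
DELIMITERS = re.compile(r"[,.\-_ #\t]+")
MIN_LEN = 3  # names/tokens shorter than this are not checked (assumed for tokens)
# A few entries from the 2013 list, used as a deny list (added check, see lead-in).
WORST_2013 = {"123456", "password", "12345678", "qwerty", "abc123",
              "adobe123", "letmein", "photoshop", "trustno1", "password1"}


def categories(password):
    """Return the set of character categories present in the password."""
    found = set()
    for ch in password:
        if ch in "0123456789":
            found.add("digit")
        elif unicodedata.category(ch) == "Lu":
            found.add("upper")
        elif unicodedata.category(ch) == "Ll":   # includes sharp-s
            found.add("lower")
        elif ch.isalpha():                        # alphabetic, but caseless
            found.add("other_alpha")
        elif not ch.isalnum():                    # punctuation, symbols, spaces
            found.add("special")
    return found


def check_password(password, account_name, display_name):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lowered = password.casefold()
    if lowered in WORST_2013:
        problems.append("on worst-passwords list")
    if len(account_name) >= MIN_LEN and account_name.casefold() in lowered:
        problems.append("contains account name")
    for token in DELIMITERS.split(display_name):
        if len(token) >= MIN_LEN and token.casefold() in lowered:
            problems.append(f"contains display-name token '{token}'")
    if len(categories(password)) < 3:
        problems.append("fewer than three character categories")
    return problems
```

Run against the passphrase "smiles-rainbow-skip" suggested earlier, the check reports only two categories (lowercase and special), so such a passphrase needs an uppercase letter or a digit to pass the category rule.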
In 2011, IBM predicted that by 2016 passwords will be replaced by voice and eye activated systems. Since both are unique to every individual, this would make things much more difficult for hackers to breach. Until this technology is announced, consumers must take special care in protecting themselves against potential attacks, as one security breach can have devastating results.