What has to happen for people to begin using passwords that are at least moderately complex?
The most recent massive data breach, which resulted in the theft of roughly two million passwords, primarily came from Google, Twitter, Facebook and Yahoo. Trustwave Spiderlabs, a security research firm, learned that of the millions of passwords that were swiped, the most common password used was “123456.” After that, the next most popular password was “123456789.” The next highest on the list was is “1234,” followed by “password” and, finally, “12345.”
Though Spiderlabs said it rated 28 percent of the stolen passwords as “bad,” they also found that only 6 percent of the passwords were of “terrible” quality. It also considered 44 percent of the passwords used to be of “medium” quality. 17 percent got a “good” grade, while only 5 percent were regarded as “excellent.”
Despite Spiderlabs’ troubling findings, they noted in an official blog post that things are improving. Spiderlabs notes that in 2006, only 17 percent of passwords were 10 characters or longer. Now, that number has spiked to 46 percent. So, at the very least, a significant amount of people seem to be trying to improve their password choosing habits.
So what makes a good password according to Spiderlabs? If yours consists of at least eight characters and all four character types, which includes uppercase letters, lowercase letters, numbers and special characters, it would be thought of as an “excellent” password. On the other hand, a password made up of four characters or less, and only one character type, is a “terrible” password by Spiderlabs’ standards.
So if your password for any of your online accounts is “123456” or “password” or “qwerty,” take the hint already. Mix your passwords up. Otherwise, you’re just asking for trouble.