How to Choose A Super Secure Password?

Despite years of advice urging us to beef up the strengths of our passwords, it seems not many of us are actually taking note.

Web hosts WP Engine got their hands on a database of ten million leaked passwords that had been compiled by security consultant Mark Burnett. Their analysis showed that 0.6 per cent of the passwords were simply “123456”…

The most common passwords included “password” and “qwerty” and the ten most popular alone accounted for sixteen out of every one thousand passwords; 8.4 per cent ended with a number between zero and ninety-nine and more than twenty per cent of the time that number was “one”.

 

WP Engine also found that we humans are suckers for patterns. Whilst “1qaz2wsx” may look like an impressively rigorous password, it becomes less so when you realize that it was created with adjacent keys.

Creating passwords in this way is known as a “keyboard walk”, and hackers who try such combinations could crack them pretty easily.

“Adgjmptw” featured in the top twenty keyboard walks, but is the only one that is not a walk across a QWERTY keyboard. Can you figure out what it is (answer at the end)?

However, if those are all examples of bad passwords, just what makes a good one? Especially when you factor in the need to be able to remember it. In a 2011 study, Saranga Komanduri and colleagues at Carnegie Mellon University sought out the answer.

Participants created a total of twelve thousand passwords based on a variety of construction rules, including “comprehensive8”, in which passwords had to be at least eight characters long, contain upper and lower case letters, a number, a symbol and not contain a dictionary word. For example, “Tgfq1&Ha”.

If you are thinking those rules are complicated, then you’d be right. The researchers found that only eighteen per cent of participants could create a suitable comprehensive8 password on their first attempt. In fact, twenty-five per cent of people gave up before they successfully created a working password.

Of course, such efforts would be rewarded if they led to a greater level of security. So, Komanduri put comprehensive8 up against other passwords.


THE 50 MOST USED PASSWORDS

  1. 123456
  2. PASSWORD
  3. 12345678
  4. QWERTY
  5. 123456789
  6. 12345
  7. 1234
  8. 111111
  9. 1234567
  10. DRAGON
  11. 123123
  12. BASEBALL
  13. ABC123
  14. FOOTBALL
  15. MONKEY
  16. LETMEIN
  17. SHADOW
  18. MASTER
  19. 696969
  20. MICHAEL
  21. MUSTANG
  22. 666666
  23. QWERTYUIOP
  24. 123321
  25. 1234567890
  26. P*S*Y
  27. SUPERMAN
  28. 270
  29. 654321
  30. 1QAZ2WSX
  31. 777777
  32. F*CKY*U
  33. QAZWSX
  34. JORDAN
  35. JENNIFER
  36. 123QWE
  37. 121212
  38. KILLER
  39. TRUSTNO1
  40. HUNTER
  41. HARLEY
  42. ZXCVBNM
  43. ASDFGH
  44. BUSTER
  45. ANDREW
  46. BATMAN
  47. SOCCER
  48. TIGGER
  49. CHARLIE
  50. ROBERT

The researchers then subjected these passwords to two different forms of hack. The hardest to crack? Basic16. Even after ten billion guesses, these passwords were only hacked twelve per cent of the time. That compares to twenty-two per cent for comprehensive8 and sixty per cent for basic8.

So, not only is the requirement for uppercase/lowercase, numbers and symbols more frustrating for the user, it also seems not to offer as much protection as a string of sixteen lowercase letters. So, Tgfq1&Ha isn’t as good as four random words strung together to make sixteen letters, for example redpiggolfcheese.

Concocting a story around the words will help you remember it – a red pig hitting a lump of cheese with a golf club is a pretty hard image to shake!

ANSWER: Adgjmptw is a keyboard walk on a phone’s number pad, created by pressing each of the numbers 2–9 in order.
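As an added example (not from the article or from WP Engine's analysis), this Python checker flags the patterns discussed above when someone picks a new password: membership in the top ten of the list, a one- or two-digit suffix, a QWERTY keyboard walk, and the phone-keypad walk from the answer. The key coordinates, the 0.75 threshold and all function names are assumptions made for this example.

```python
import re

# Top ten entries from the list on this page, lower-cased.
COMMON = {"123456", "password", "12345678", "qwerty", "123456789",
          "12345", "1234", "111111", "1234567", "dragon"}

# QWERTY rows with an approximate horizontal stagger (assumed US layout).
ROWS = [("1234567890", 0.0), ("qwertyuiop", 0.5),
        ("asdfghjkl", 0.75), ("zxcvbnm", 1.25)]
POS = {ch: (r, c + off) for r, (keys, off) in enumerate(ROWS)
       for c, ch in enumerate(keys)}

# Letters printed on phone keypad digits 2-9.
GROUPS = ["abc", "def", "ghi", "jkl", "mno", "pqrs", "tuv", "wxyz"]
KEYPAD = {ch: d for d, grp in enumerate(GROUPS, start=2) for ch in grp}


def adjacent(a, b):
    """True if two different keys touch on the QWERTY layout."""
    if a == b or a not in POS or b not in POS:
        return False
    (r1, x1), (r2, x2) = POS[a], POS[b]
    return abs(r1 - r2) <= 1 and abs(x1 - x2) <= 1


def walk_ratio(pw):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    pairs = list(zip(pw, pw[1:]))
    return sum(adjacent(a, b) for a, b in pairs) / len(pairs) if pairs else 0.0


def keypad_run(pw):
    """True if every letter maps to the next phone digit in ascending order."""
    digits = [KEYPAD[c] for c in pw if c in KEYPAD]
    return len(digits) == len(pw) >= 4 and all(
        b - a == 1 for a, b in zip(digits, digits[1:]))


def audit(password):
    """Return the weak patterns described in the article found in a password."""
    pw, found = password.lower(), []
    if pw in COMMON:
        found.append("common")
    if re.search(r"\D\d{1,2}$", pw):  # one or two digits tacked on the end
        found.append("trailing-number")
    if len(pw) >= 4 and walk_ratio(pw) >= 0.75:  # tolerate column jumps
        found.append("keyboard-walk")
    if keypad_run(pw):
        found.append("keypad-walk")
    return found
```

The ratio threshold is what lets “1qaz2wsx” register as a walk even though the jump from “z” back up to “2” is not between neighbouring keys.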

 

THE PASSWORD IS DYING

Our advice is all well and good, but we’re afraid it does come with an expiry date. That’s because it is very likely our children, and our children’s children, will laugh relentlessly at us for the fact we ever had to type in some arbitrary string of letters and numbers in order to gain access to our most precious information.

We’re already seeing the beginnings of such a revolution. In 2016, Facebook announced their Account Kit initiative at an industry conference. Rather than signing in using a password, you input your phone number instead. A confirmation code is then sent to your phone and that’s what gets you in.

Smartphone banking apps are beginning to let you into your account by recognizing your fingerprint through a pad on your device. Major banks are also busy developing technology that goes a step further by authenticating your identity simply by the way you hold and use your phone. Face and iris recognition technology isn’t that far over the horizon either.

It is no surprise, because people hate passwords. Surveys suggest that seven in ten people have to hit the “forgot my password” button twice a month. If our technology can know it is us without the inconvenience of having to provide explicit credentials, then we might one day look back on passwords with the same kind of nostalgia as the 8-bit characters.

2 thoughts on “How to Choose A Super Secure Password?”

  • June 23, 2017 at 6:10 pm

    Hey, this is a very nice and informative article. Thanks for sharing this and keep posting amazing articles like this.

  • June 24, 2017 at 5:45 pm

    Hi,
    This is a very good article, thanks for sharing.