From aardvark to zymurgy ... any word you can find in a dictionary can also be found by a hacker. If you use one of the words as a password, don't be surprised if a hacker cracks it.
Passwords based on real words are easy prey for automated dictionary attacks, warn German police and Germany's Federal Office for Information Security (BSI). It's also best to have a different password for each website, otherwise one lucky break gives a hacker access to all of a user's accounts.
The best passwords consist of a mixture of capitalised and lower-case letters, numbers and special characters and are at least eight characters long, advise experts. With Wi-Fi encryption, the password should be at least 20 characters long, some say.
Words aren't the only taboo passwords. Avoid names, birthdates, years, standard sequences of numbers or letters and letters in the order they appear on the keyboard. Also skip simple words or names that merely have a number or special character tacked on at the end, warn officials.
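As an added illustration, not part of the original article or of any BSI material, the following Python function checks a candidate password against the rules in the two paragraphs above. The word list, the sequence list and the function names are assumptions made up for this example; a real check would load a full dictionary and name list.

```python
import re

# Constructed sample list; stands in for a full dictionary plus common names.
SAMPLE_WORDS = {"aardvark", "zymurgy", "password", "monika", "berlin"}
# Keyboard rows (German and US layouts) and standard letter/number sequences.
SEQUENCES = ["qwertzuiop", "qwertyuiop", "asdfghjkl", "yxcvbnm", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "01234567890"]
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence,
    typed forwards or backwards."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, words=SAMPLE_WORDS, min_len=8):
    """Return the list of rules the password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < min_len:
        problems.append("too short")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing character class")
    # Strip digits and special characters from both ends so that a word with
    # something merely tacked on ("Aardvark1!") is still recognised as a word.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw).lower()
    if core in words:
        problems.append("dictionary word or name")
    if has_sequence(pw):
        problems.append("keyboard or standard sequence")
    # Conservative: any 19xx/20xx run is treated as a year or birth date.
    if re.search(r"(19|20)\d\d", pw):
        problems.append("year or birthdate")
    return problems


if __name__ == "__main__":
    for candidate in ["Aardvark1!", "qwertz", "Monika1987!", "Ih100sP4grO."]:
        print(candidate, "->", check_password(candidate) or "ok")
```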
A good password should, at first glance, be utter nonsense. But, since those kinds of passwords are hard to remember, the BSI recommends cheats. Thus "I have 100 secure passwords for getting registered online" becomes "Ih100sP4grO."
It's key that this password be personal. Using codes based on well-known phrases, sentences, songs or poems runs the risk that hackers might already have the same phrase in their bag of tricks.
Since it would be too hard to remember so many difficult passwords, it's OK to introduce some variety by coming up with a basic phrase and then adding on some letters or symbols.
These extra keystrokes could be based upon the service being accessed, its internet address or some other constant.
To further make things difficult for criminals, change these passwords every three months and always be on the lookout for phishing attacks. And preset passwords need to be changed immediately.