Experts list five of the dumbest mistakes in choosing a password

15 Feb, 2016

Online hackers still have it too easy. Far too many people choose passwords that are too short or too simple, or reuse the same password too often, when they are trying to protect sensitive information and data.
Luckily there are some tips on how to avoid the dumbest mistakes when picking a password.
Don't use your user name as your password
Users should never include their own name, user name, email address or personal data in the password. That makes it too easy to figure out a password with just a little bit of research, the Hasso Plattner Institute for Software Systems Engineering (HPI) said in Potsdam, Germany.
Real words a giveaway
Words out of a dictionary have no place in a password, as the right programme can crack into the system in no time.
"Current password crack programmes can try about 1,500 different combinations per second," said professor Christoph Meinel from HPI.
It is not even good to use proper names or set phrases like "iloveyou" or simple combinations such as "1c2d3e," since they are fairly predictable as well.
The HPI suggests a mix of words, numbers and symbols. Start with a phrase like, "I always have trouble remembering passwords at 10:30 pm!" and turn it into the password "Iahtrp@10:30pm!".
Exact spelling makes you vulnerable
"Password" or "letmein" are also insecure passwords because they use conventional spelling. The HPI recommends substituting capital and lower-case letters, numbers and extra characters in a quirky way that is easy to remember. "LeTm?1n" for example is more secure.
Don't make it too short
"123456" is not just a bad password because it's predictable, but also because it is only six characters long. The shorter it is, the easier it is to crack. Passwords should be at least eight characters, according to the HPI.
The German Information Security Office suggests passwords should be at least 12 characters long.
One-for-all doesn't do the trick
While using one password to log in everywhere may be practical, it is also extremely dangerous.
Those who use one password for various services are offering a goldmine to a successful hacker. If the hacker guesses the password right one time, then all of the other services such as email, social networks and shopping access are jeopardized.
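The five mistakes above, written as a checker that reports which of them a candidate password makes. This is an added example, not code from the article or from HPI; the function name, the small word list and the sample user are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a full dictionary and a
# list of known-breached passwords.
COMMON_WORDS = {"password", "letmein", "iloveyou", "123456", "1c2d3e"}
HPI_MIN_LEN = 8    # minimum the article attributes to HPI
BSI_MIN_LEN = 12   # minimum the article attributes to the German Information Security Office


def check_password(candidate, user_name, email, passwords_in_use=()):
    """Return the list of the article's mistakes that `candidate` makes."""
    problems = []
    lowered = candidate.lower()

    # Mistake 1: the password contains the user's name, user name or e-mail.
    personal = {user_name.lower(), email.lower(), email.lower().split("@")[0]}
    personal |= set(re.split(r"[\s._-]+", user_name.lower()))
    if any(len(p) >= 3 and p in lowered for p in personal):
        problems.append("contains personal data")

    # Mistakes 2 and 3: dictionary words or set phrases in plain spelling.
    # Case is ignored here (an assumption of this example), so changing
    # only capitalisation does not get a word past the check.
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word or predictable phrase")

    # Mistake 4: too short.
    if len(candidate) < HPI_MIN_LEN:
        problems.append("shorter than 8 characters")
    elif len(candidate) < BSI_MIN_LEN:
        problems.append("shorter than 12 characters")

    # Mistake 5: reuse. `passwords_in_use` is assumed to be a local list,
    # for example the entries of a password manager.
    if candidate in passwords_in_use:
        problems.append("already used for another service")
    return problems


if __name__ == "__main__":
    # Constructed sample user and candidates.
    for pw in ("123456", "Schmidt2016!", "iloveyou", "Iahtrp@10:30pm!"):
        print(pw, check_password(pw, "Anna Schmidt", "anna.schmidt@example.org"))
```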
