Assessing the Weak Password Predicament

We know the basic password rules by now: don’t use passwords that are easy to figure out. This could mean a number sequence like 123456, or one of the passwords identified as being commonly used, such as ‘iloveyou’. Or at least, that’s what we’re all supposed to know by now.

But in the war to keep our data safe, there has come some alarming news: we are actually more exposed than ever before to security breaches due to our passwords. And hackers aren’t the only ones to blame.

One Landmark Incident, Many Questions Answered

Near the end of 2009, an attack against an online games service resulted in over 14 million passwords being exposed and then posted or ‘dumped’ online. This made it much easier for all hackers to crack weak passwords, meaning that they could devote more time, energy and resources to cracking stronger passwords. It also revealed what kinds of passwords are being employed by an incredibly large number of users. And this proved to be a large part of the problem.

Shocking Numbers

Analysis of the dumped passwords revealed some shocking realities. The many warnings from security experts against using passwords that are easy to crack appear to have gone unheeded, as almost 1% of those 14 million users employed the “123456” password.

Unbelievably, passwords largely thought to be a thing of the past were found to be among the top ten most used. For example, at number four was the password “Password”, with “iloveyou” coming in at number five.

Certain names used as passwords also earned high places on the list, perhaps because of how popular those names were when the users were born: babies born in the mid to late eighties would now be in their early or mid 20s, and therefore very likely to be using the social media games service whose passwords were hacked.

Another surprising fact revealed was that approximately one third of users chose passwords of six characters or fewer, a far cry from the strongly recommended combination of lowercase and uppercase letters and numbers.

Convenience Passwords

On top of the apparently rampant use of incredibly easy-to-crack passwords and completely overhauled hacking methods, there is another phenomenon: we appear to be using the same password for accounts at multiple sites.

When combined with the equipment now being used to reveal account passwords, which is thousands of times faster than what hackers were using just ten years ago, the password situation is a dire one that definitely needs to be addressed.

Creating Hacker-Proof Passwords

Changing your password frequently is still a very viable idea. But if you’re using “abc123” and then switching it to a password like “princess”, it’s very unlikely that your account will be protected. The first way to protect your accounts is to understand what not to do:

- do not use all-lowercase letters
- do not use all numbers, especially not in an easy-to-guess pattern
- do not use a name
- do not use too few digits

A password of at least eight characters, using a mix of upper and lowercase letters along with numbers, will be much more secure than the old six-character password. Considering the information that many put in their online profiles these days, you will want to refrain from using your birth date, phone number, family names or any other passwords which can be connected with you personally.

Nonsense can be the key to a secure password. Have you ever seen a license plate that you just couldn’t make sense of? This could very well be because that license plate had significance only to the owner of the vehicle. So, if you have a dog named Jed who is 10 years old, you can take the sentence “My dog Jed is 10 years old”, and turn it into a password that looks like “MdJedi10yo”.

You can also replace some letters in your password with numbers. For example, the number 3 is often used to replace the letter “E”, and the number 4 for the letter “A”. So a word like “lego” would be “l3go”, and “apple” would become “4pple”.
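The rules in this section written as a checker, as an added example that is not part of the original article. The common-password list holds only passwords the article names; the function name and the `personal` parameter are assumptions of this example, and the check also reverses the two substitutions mentioned above (3 for E, 4 for A) before comparing against that list.

```python
import re

# Passwords the article names as common or weak.
COMMON = {"123456", "password", "iloveyou", "abc123", "princess"}
# The two substitutions the article mentions: 3 for E, 4 for A.
UNDO_SUBS = str.maketrans({"3": "e", "4": "a"})


def check_password(pw, personal=()):
    """Return the list of rules `pw` breaks; an empty list means it passes.

    `personal` is a caller-supplied list of names, dates or numbers tied to
    the user (an assumption of this example; the article gives no such list).
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.isdigit():
        problems.append("all numbers")
    if pw.isalpha() and pw.islower():
        problems.append("all lowercase letters")
    missing = [name for name, pat in (("uppercase", r"[A-Z]"),
                                      ("lowercase", r"[a-z]"),
                                      ("number", r"[0-9]"))
               if not re.search(pat, pw)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Compare both the raw and the substitution-reversed form with the list.
    forms = {pw.lower(), pw.lower().translate(UNDO_SUBS)}
    if forms & COMMON:
        problems.append("commonly used password")
    if any(p.lower() in form for p in personal if p for form in forms):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: passwords quoted in the article plus variants.
    for pw in ("123456", "princess", "l3go", "P4ssword", "MdJedi10yo"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
```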

Don’t Be Fooled By a Sense of False Security

Today’s hackers are more sophisticated than ever. And the passwords you are using for your online accounts could very well be posted somewhere online. It may only be a matter of time before that site you trust has its security breached. The bottom line is that no one is safe from having their account compromised or their site hacked. But the more prepared you are with secure passwords, the better off you and your data will be.


Guest author Ruth Suelemente enjoys writing on a variety of topics, particularly related to technology.


