Top 10 weak online passwords – is yours on the list?

If the information about weak passwords related to banks or online retailers it would be worth setting up a Which? Conversation about weak passwords. It is hardly surprising that weak passwords are used for access to sites provided for entertainment.

I had not heard of rockyou.com until I looked it up. According to Wikipedia, “In December 2009, the company experienced a data breach resulting in the exposure of over 32 Million user accounts. In the controversy, it was revealed that the company failed to comply with the most basic security standards.” I wonder if any of the 32 million users lost money because they had used the same password used for their bank accounts.

How about getting some inside information from banks or building societies, and if there is a problem with weak passwords then that would be a better story and something more worthy of discussion.

I try and use a different password for each service. On the surface that sounds difficult but there is a method to how I can remember most of mine!

Think of a theme which has many words (e.g your favourite films, authors, countries, football league teams, US states, you get the idea) – and then link the name (or letters in certain positions) of the service to a word in your theme and then add a number.

E.g. if your theme is Football League Teams in England, you may decide that all your passwords will start with the second letter. So, your Which? password might begin with the letter ‘H’. Your password might then be HartlepoolUnited1888 (capital ‘H’ and ‘U’, the rest lower-case, followed by the year the Football League was founded – 1888, for extra security). You then apply this rule to all your other services – you may use the number 1888 in all your passwords, for example.

You can keep a list of these words in an obscure file that no one would think was a list of your passwords. E.g a file containing the names of every football league team in England (or add Scotland, Wales and Northern Ireland for added security). Doesn’t have to be football – I’m merely using it as an example to illustrate my method – it can be anything you like but it helps if you’re interested in that subject as this will aid memory. You may get some duplication but you can amend the rules or live with it.

I’m with Mike on this one – I use Roboorm and certainly have more than a hundred passwords from simple one for silly web sites to horribly complex mixes of alphanumerics and symbols for banking and financial.

I only commit one to memory and that’s the master password for Roboform.

I use 1Password as a password manager on my Mac. It also genrates passwords to your specifications so adding a different password to each site you use is easy as you don’t have to remember them. I’d recommend using a password manager regardless of the number or importance of the sites you visit.

I believe that a major problem with password security is the absence of one specific requirement by the Information Commissioner. He needs to write a rule: “that no organisation should ever send a user’s password to them by email.” I am simply astounded at the number of websites who send me an email with my user name AND password as soon as I register. Hey! I just keyed it in twice – I don’t need you to tell me what it is. If I forget then I will ask you for a reminder – but please don’t send me my actual password. Please send me a random set of letters and numbers or a special link that allows me to set a new password. And then, finally, 24 hours later please send me an email that simply says “yesterday you created a new password”. This will help me to know if someone else has compromised my security.

I use a variey of passwords now. Several years ago I used only two different passwords. Unfortunately, the web sites concerned, not bank accounts, do not allow me to change the passwords. This facility should be available on all web sites.

I use a variety of passwords including my old army number ~ from 50 years ago.

I use the registrations of cars I’ve owned in the past and, as I’ve had about 14 cars, there are quite a few to choose from. Current registration format is a mix of letters and numbers which satisfy most websites (you could even mix upper and lower case) and you will be the only person to remember them. Should you forget which you used, your password clue could be ‘red car’ or Renault as appropriate.

I am a little late to the conversation, but would like to add that I use *******, a small password saving programme. I keep it on a memory stick (and back that up to my external hard-drive now and then). It has one master password to unlock, and has a random password generator that can do different lengths and character parameters. I am trying to gradually change silly passwords to more secure ones.

I have over 100 passwords – more if you count that some sites require multiple codes! I do the bookkeeping/accounts for 3 firms, we have two computers at home, multiple websites for banking, pleasure, student finance, the library even! Everyone wants a password.

Maybe the programme I use was filtered as sounding rude? It is Kee Pass – join it together!

Sorry!

Ok, so I’m shamelessly sharing a link to a free online password generation tool that allows users to create long, complex and memorable passwords. Hope readers to find it beneficial. http://safepasswordmanagement.com/online-password-generator/

the biggest problem is using the same password for everything…

thankx for all the advice and awareness , thankx Which