Let's talk about weak passwords.
Obvious weaknesses
The following passwords must be avoided:
taylor21
qwerty
abcdefgh
iloveyou7
1234...
Some comments have been hidden by the post's author - find out more
For further actions, you may consider blocking this person and/or reporting abuse
One thing I find helpful is to use a few latin or greek characters in my passwords.
å é î ø ü, etc. Theoretically those shouldn't exist in brute-force engines usually. Nice article :)
Thanks!
Theoretically, english speakers will likely use english passwords, non-english speakers will likely use non-english passwords.
While it seems logical, I don't have statistics to back up that assertion.
I guess it adds a significant level of randomness to the password if you mix them with other chars, which is great, but the total length is still the most critical element, to me, as there are wordlists for all alphabets and charsets.
As a greek person personally I've never used a greek character in a password and I don't think anyone really does
Great article! My passwords definitely aren’t very strong, but I try to use login with GitHub and login with Google and have a strong password for my GitHub and Google account. Something I think is a bit scary with using sites like ihavebeenpwned is that they could use it to steal actual passwords that are entered and sell them…
Interesting, you use your GitHub and Google as master account/password. It seems convenient, but it might have some caveats.
One of them could be the single point of failure: 1 account opens everything. Besides, Google can track you everywhere.
Just wondering, isn’t that a problem if you use password managers too? I’ve never used one, but isn’t it so that one password opens everything in that case?
Oh, and also, Microsoft (that owns GitHub) can probably also track me everywhere.
Yes to all 😈. In my experience, password managers have very secure procedures, though. It's not exactly like hacking a simple login/passwd. You'll get devices/IP monitoring, key-based cryptography, etc.
Oh, didn’t know that! I should try one out!
That's a good idea. I changed my master passwords for large platforms/sites to be almost thirty characters long.
Good article!! There was an article I read some time ago that recommended using meaningful phrases instead of passwords as phrases are much harder to guess. For example, the phrase “AStitchInTimeSavesNine” is meaningful enough for me to remember but would be hard to crack. Throwing in a few special characters as well as using longer phrases will also help make it more secure.
Seems a good practice. I would recommend using something very unpredictable, though, so maybe avoid famous Hollywood dialogs, songs lyrics, quotes, proverbs/sayings.
Alternatively, you might use far-fetched concatenations like "AStitchInTimeSavesNineNowOrNever." Of course, as those two possible passwords are now disclosed, they can't be trusted/used 😀
I like the passwordless solution like microsoft.com/security/blog/2021/0...
Nice. Decentralized authentication with features such as key-based cryptography may improve user experience and security at the same time. It's probably a better approach, but not available everywhere unfortunately and pretty challenging to setup correctly for websites and applications.
My passwords are always a concatenation of 8 to 12 chars of a sentence and in the end looks like random numbers, letters and special characters but it makes sense to me, thus easy to remember.
I would probably not disclose my approach, but I usually prefer more safety over convenience. 12 chars seems fine, though.
just use áéíúüóñ
oh crap, you just found my Bluetooth password 🫢
I think dual authentication is also helpful, such as SMS or Email verification.
yep, this is what I meant by 2FA and MFA
EDIT: sorry, I did not pay enough attention. I recommend using an app for 2FA or special devices for MFA rather than email and SMS. SMS is probably the worse.
Don't get me wrong. SMS is still better than 1FA, but it's the less secure way.