Why Your Password Should be Almost Impossible to Remember

By now, I’m sure you’ve all heard about the Twitter hack that compromised the feeds of several high-profile accounts, including Barack Obama and Britney Spears. What makes it especially hard to spare Twitter’s blushes is that the hack originated in a dictionary attack, the crudest form of brute force, on the account of one of its administrators.

GMZ, the teenage hacker claiming responsibility for the attack, guessed the username of one of Twitter’s administrators and then simply ran a program that tried one word from a dictionary after another, as many times as it took, until the correct password was found: it was “happiness.” Not so happy now, I’d wager.

According to the folk at What’s my Pass, the top ten most common passwords are:

  1. 123456
  2. password
  3. 12345678
  4. 1234
  5. pussy
  6. 12345
  7. dragon
  8. qwerty
  9. 696969
  10. mustang

I mean, really, people! Back in 1993 I was having it drummed into me not to choose any obvious words or names of family members as a password, and some of you are still doing this? If I were a less generous person, I’d say that setting a password with something that simple is virtually asking to be compromised. A dictionary attack is old-school, and that is precisely the problem: every entry on that list, and “happiness” with it, sits near the top of any wordlist a guessing program will try first, so the attack is over in seconds rather than years.

Your password should be a mixture of numbers, letters and, if possible, symbols, and it should not be a word, a name or a keyboard pattern that could appear in a wordlist. The longer it is, the better: aim for at least 13 characters in a jumble that makes no sense whatsoever, because what defeats a guessing program is the sheer number of possibilities it has to try, and every extra random character multiplies that number. Yes, it will be a pain to memorise (that is rather the point of the title), but it is far less likely to fall prey to a brute-force attack. You’ll be even less thrilled when I tell you that you should change it frequently: fortnightly for critical websites, monthly for sites you’re not worried about, and immediately if you hear that a site has been breached. Never reuse the same password across sites either, since one leak then opens all of them. It may seem overly paranoid, but you have to ask yourself: what price would you put on your personal data?
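To make the difference concrete, here is an added example (my own code, not anything from the original post or from Twitter) that puts the top-ten list and the administrator’s “happiness” into a small constructed wordlist, runs the kind of guessing loop GMZ described against them, and then does the same against a random 13-character password of the sort recommended above. It assumes, for simplicity, that the attacker is checking guesses against a stored SHA-256 hash; an online attack like the one on Twitter makes exactly the same guesses, only one login attempt at a time. The guess rate of ten billion per second used at the end is a hypothetical figure for an offline attack, not a measured one.

```python
import hashlib
import math
import secrets
import string

# Constructed wordlist for the demo: the ten passwords listed above plus the
# administrator's "happiness". A real cracking wordlist runs to millions of
# entries, and these would all be near the top of it.
WORDLIST = [
    "123456", "password", "12345678", "1234", "pussy",
    "12345", "dragon", "qwerty", "696969", "mustang",
    "happiness",
]

# Hypothetical mutations a guessing program applies to each word before
# moving on to the next one.
MUTATIONS = (
    lambda w: w,
    lambda w: w.capitalize(),
    lambda w: w.upper(),
    lambda w: w + "1",
    lambda w: w + "!",
)

# The 94 printable ASCII characters excluding space: letters, digits, symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def sha256_hex(password: str) -> str:
    """Stand-in for 'the server accepts or rejects a guess'. Assumes the
    attacker compares against a stored SHA-256 hash; an online attack such
    as the one on Twitter makes the same guesses, only slower, one login
    attempt at a time."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def dictionary_attack(target_hash: str, wordlist=WORDLIST):
    """Try each word and its mutations in order until one hashes to the
    target. Returns (password, guesses) on success or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for mutate in MUTATIONS:
            candidate = mutate(word)
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def generate_password(length: int = 13) -> str:
    """Draw a password from the OS CSPRNG, re-drawing until it contains at
    least one letter, one digit and one symbol (the 'mixture' rule)."""
    if length < 3:
        raise ValueError("need at least three characters for the mixture rule")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if (any(c.isalpha() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of unpredictability in a uniformly random password."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(alphabet_size: int, length: int,
                     guesses_per_second: float) -> float:
    """Years needed to try every password of this shape at a given guess rate."""
    total = alphabet_size ** length
    return total / guesses_per_second / (60 * 60 * 24 * 365)


if __name__ == "__main__":
    cracked, n = dictionary_attack(sha256_hex("happiness"))
    print(f"'happiness' recovered after {n} guesses: {cracked}")

    pw = generate_password(13)
    print(f"random 13-char password: {pw}")
    print(f"  entropy: {entropy_bits(len(ALPHABET), 13):.1f} bits")
    print(f"  dictionary attack result: {dictionary_attack(sha256_hex(pw))}")
    # Hypothetical guess rate of 10 billion/s for an offline attack on an
    # unsalted SHA-256 store; an online attack manages a tiny fraction of that.
    print(f"  years to exhaust: {years_to_exhaust(len(ALPHABET), 13, 1e10):.2e}")
```

Running it, “happiness” falls on the 51st guess because it is simply the eleventh word in the list with five variants tried per word, whereas the random 13-character password is never found and carries roughly 85 bits of unpredictability. The years_to_exhaust figure is the worst case for the attacker, so it is the ceiling on how long the password can hold out rather than the expected time; the lesson is about the ratio, not the exact number.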

[Image by Simon Lieschke]

2 Responses

  1. did the Twitter Admin change his password to “sadness” after he was hacked? haha

  2. I think a more appropriate password would be “3mb@r@55m3nt” or maybe “1nc0mp3t3nc3,” bless ‘em.

    There are probably some stronger words that other Twitter users might want to suggest…

    I think the Admin was female, btw.
