Bad Passwords You Should Avoid

Using bad passwords makes you an easy target.

Cyber criminals use password-guessing software that automatically tries different passwords until it guesses the right one.

They have been doing this since the beginning of (Internet) time. If you think you will outsmart them by changing around a few characters in an easy-to-guess password, you will be disappointed.

Cyber thieves are much smarter than we are. They steal information for a living. All day, every day, they work on finding new and creative ways to break into computers and websites. Do you really think you are better at this than they are?

Let’s put this in perspective:

  • Could you fight a karate expert and win?
  • Could you play a Top 10 tennis player and win?
  • Could you run a 100-meter dash against Usain Bolt and win?

 Yeah, me neither.

Then why would you think you could use bad passwords and stop cyber thieves from breaking into your computer?

Hoping that your computer will be spared does not work well either. Now you are gambling with your personal information and data. Computer attacks are automated. Everything connected to the Internet is attacked the same way. The risk of ignoring this is too high.

So what can you do? Should you just stop using your computer? Or disconnect from the Internet?

Of course not! There is a powerful tool you can use to protect yourself and your family: knowledge.

If you know what the computer security dangers are, you can avoid them. You do not need to know as much as a technical expert, or a cyber thief. You only need to know enough to make the thieves go somewhere else.

Learn a few basics and you will dramatically increase your computer security.

Passwords protect your computer and online services from unauthorized access by other people, which is why knowing more about good and bad passwords is very important.

Here are some bad passwords that you should never ever use.

Your Birthday

You should never use your birthday, in any format, as a password.

Birthdays are bad passwords because they are not very difficult to find or guess. Maybe you already added yours to your Facebook or LinkedIn profile, in which case anyone can easily look it up. Even if you do not have it listed there, it is not very hard to uncover.

You should treat your birthday as valuable personal information. Do not share it with anyone unless you really have to. Your birthday is often used by the government and financial institutions to confirm your identity (when you have to prove that you are who you say you are).

Giving your birthday when you want to open a bank account or start a job is unavoidable. However, do not give it randomly to other people, organizations or online services.

Knowing your birthday makes it easier for thieves to steal your identity and open credit cards, loans and other such services in your name. Unless you are a celebrity, keep your birthday to yourself, your family members and close friends. Do not share it on social media, and hide it in your Facebook, LinkedIn, Twitter, and other social media services.

You do not necessarily need to give your birthday to every online service or retailer that asks for it. They ask for this information to wish you a happy birthday and build a more accurate profile on you. Then they sell your information to companies that will then use your personal information to advertise their products to you.

Your birthday - and other personal information - is then copied many times as one business sells it to another. After a while, your information is everywhere. It only takes one of these companies to be broken into for your data to be stolen.

Remember, in our layered security strategy, every small security improvement counts.


Do not use any names as your password.

Names are bad passwords because cyber thieves know that using your own name, maybe in combination with a few numbers, is a common password. Using the name of your cat or dog instead of your own does not add any security to your password. Do not bother spelling names backwards or out of order – these are all very easy to guess.

Words in Dictionary

Do not use any words that can be found in a dictionary as your password.

Dictionary words are bad passwords because criminals have been using password dictionary attacks for many years. In these attacks, the computer software uses the words in a dictionary to guess your password. Adding a few numbers to a dictionary word adds no security.

There are software dictionaries for every language in the world. If you speak an esoteric language and want to use words from its dictionary, don’t do it. Computers are very fast, and can go through all the dictionaries and word permutations and combinations extremely quickly.

There are also more advanced attack techniques that are very powerful. The password-guessing software is very sophisticated. You would be amazed to see passwords that you thought made no sense to anyone but you get broken (guessed) very quickly.

As long as your passwords follow some logic, rules or patterns, the password guessing software is aware of it and will figure it out. Cyber criminals do this for a living - you cannot beat them at their own game.

Personal Information

Do not use any personal information as your password.

Personal information includes your house and street number, phone number, anniversaries, social security number, license plate number, zip code, car model, and so on.

Passwords that are based on personal information that you think only you know are bad passwords. We live in a world where privacy is dead. It is easy to find out where you live, what your zip code is or where you went to school.

Using very private personal information like social security numbers is even more dangerous because if those get stolen they can be used to clone your identity. Never ever use any of your private personal information on a third party website, for anything.

Websites and online service providers do not necessarily do a good job of taking care of your passwords. If you read the news you will notice that companies are being broken into every day. No matter what the company that was broken into says, assume all their data has been stolen.

Those companies that do a good job protecting your personal data can still be broken into. This is because technology today is very complex, and there is a general lack of proven technology standards. Endless features (demanded by us, the consumers) and “smartness” that is built into the software we use every day make it very difficult to provide a secure online and web service.

Keep it simple. Don’t use your personal or private information for passwords at all. Then you don’t have to worry about it. Use a password manager instead.


Using combinations of bad passwords by spelling them backwards or inserting a number or special character (dot, comma, bracket, and so on) does not add any additional security.

These are all workarounds for bad assumptions, which are based on beliefs that the password-guessing software cannot guess such passwords. It can.

In order for a password to be secure, it has to be impossible for a human or computer to guess, and too time consuming for a computer to brute force.

What does this mean?

A computer will very quickly guess a password that it can look up, like a word found in a dictionary (remember, adding “123” after such a word makes no difference).

A more random password, like "M792jATm50jqJSON6F8J" (don't use this as a password, it is only an example), cannot be compared to any words. The computer has to perform a brute force attack. It has to start with the first character and then, character by character, go through all the combinations of characters.

If such a password is 16 characters long, the computer will take a very, very long time. This is because it has to go through many more permutations of characters, and this takes much longer to do. The longer the password, the longer it takes to try all the combinations of characters and numbers.

When you use strong, secure passwords, the computer has to work very hard to guess them. It is just math - a simple concept that you can use to your advantage.

If it takes 10 or more years to break (guess) your password, you know at least that no one will bother to get into your computer that way.
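To make the last two sections concrete, here is a small password check added as an illustration (it is not part of the original article). It undoes the usual disguises before looking a password up, and it does the "just math" for brute force. The word list, the name, the birthday and the rate of 10 billion guesses per second are all constructed or assumed values.

```python
import re
from datetime import date

# Constructed sample data: a tiny word list standing in for a real dictionary.
WORDLIST = {"password", "dragon", "sunshine", "monkey"}
LEET = str.maketrans("013457@$!", "oleastasi")   # common look-alike swaps
EDGE = re.compile(r"^[^a-z]+|[^a-z]+$")           # digits/symbols at either end
DATE_FORMATS = ("%m%d%Y", "%d%m%Y", "%Y%m%d", "%m%d%y", "%d%m%y", "%y%m%d")

def base_forms(password):
    """Undo the usual disguises: case, edge digits/symbols, look-alikes, reversal."""
    lowered = password.lower()
    stripped = EDGE.sub("", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return forms | {form[::-1] for form in forms}

def audit(password, names=(), birthday=None):
    """Return which of the article's 'bad password' patterns the password matches."""
    reasons = []
    forms = base_forms(password)
    if forms & WORDLIST:
        reasons.append("dictionary word")
    if forms & {name.lower() for name in names}:
        reasons.append("name")
    digits = re.sub(r"\D", "", password)          # keep only the digits
    if birthday and any(birthday.strftime(f) in digits for f in DATE_FORMATS):
        reasons.append("birthday")
    return reasons

def brute_force_years(length, alphabet_size, guesses_per_second=1e10):
    """Years to try every combination; the guess rate is an assumed figure."""
    return alphabet_size ** length / guesses_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    for pw in ("Dragon123", "drowssap!", "P@ssw0rd!", "M792jATm50jqJSON6F8J"):
        print(pw, audit(pw) or "no pattern found")
    # Constructed personal details: a pet called Rex, a birthday of 4 July 1990.
    print(audit("xeR07/04/1990", names=["Rex"], birthday=date(1990, 7, 4)))
    print(f"{brute_force_years(16, 62):.1e} years for 16 random letters and digits")
    print(f"{brute_force_years(8, 26):.1e} years for 8 random lowercase letters")
```

A password that passes this check is not automatically strong; the check only shows that the disguises described above are undone in a few lines of code.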

Be Better, Don't Use Bad Passwords

Cyber thieves are smarter than you are.

They use advanced techniques to guess and break your passwords. If you use bad passwords, they will get you.

These are bad passwords:

  • Birthdays
  • People's or pets' names (or any names)
  • Words found in a dictionary (in any language)
  • Personal information
  • Any combinations of the above

Keep it simple. Use a password manager to create strong, secure passwords.