Bad Passwords You Should Never Use

Guessing bad passwords is much easier than you think. You should never, ever use bad passwords to protect your computer, personal information and data.

Cyber criminals use password-guessing software that automatically tries different passwords until it guesses the right one.

Bad PasswordsDon't be an easy target.

They have been doing this since the beginning of (Internet) time. If you think you can outsmart them by changing a few characters in an otherwise easy-to-guess password, you will be disappointed.

They have been doing this since the beginning of (Internet) time. If you think you can outsmart them by changing a few characters in an otherwise easy-to-guess password, you will be disappointed.

Let’s put this in perspective:

  • Could you fight a karate expert and win?
  • Could you play a Top 10 tennis player and win?
  • Could you run 100-meter dash against Usain Bolt and win?

Then why do you think you could use bad passwords and stop cyber thieves from breaking into your computer?

Hoping that your computer will be spared because it is not interesting to anyone is the wrong way to think. Cyber thieves break into computers and websites for all sorts of reasons. The fact that they don't know or care about you doesn't mean you are any safer.

Computer attacks are automated. Everything connected to the Internet is attacked the same way. The risk of ignoring this is too high.

Here are some bad passwords you should never use.

Your Birthday

You should never use your birthday, in any format, in your password.

Birthdays are bad passwords because they are not very difficult to find or guess. Maybe you already added yours to your Facebook or LinkedIn profile, in which case anyone can easily look it up. Even if you do not have it listed there, it is not very hard to uncover.

You should treat your birthday as valuable personal information. Do not share it with anyone unless you really have to. Birthday is often used by the government and financial institutions to confirm your identity (when you have to prove that you are who you say you are).

Giving your birthday when you have to open a bank account and start a job is unavoidable. However, do not give it randomly to other people, organizations or online services.

Knowing your birthday makes it easier for thieves to steal your identity and open credit cards, loans and other financial services in your name. Unless you are a celebrity, keep your birthday for yourself, your family members and close friends. Do not share it on social media and hide it in your Facebook, LinkedIn, Twitter, and other social media services.

You do not necessarily need to give your birthday to every online service or retailer that asks for it. They ask for this information to wish you a happy birthday and build a more accurate profile on you. Then they sell your personal information to companies that will use it to advertise their products to you.

Your birthday - and other personal information - is then copied many times as one business sells it to another. After a while, your information is everywhere. It only takes one of these companies to be broken into for your data to be stolen.

There is no value to you in giving away your birthday to social networks. If they will not let you sign up or use the service without providing your birthday, give them a date that is not your birthday. Write it down, in case you will need to provide it in the future.

In our layered security approach, every little bit of protection adds up.

Names

You should never use any names in your password.

Names are bad passwords because cyber thieves know that using your own name, maybe in combination with a few numbers, is a common password. Using the name of your cat or dog instead or your own does not add any security to your password. Do not bother spelling names backwards or out of order – these are all very easy to guess.

Don't try to be clever. You can't outsmart a professional cyber thief.

Words in Dictionary

You should never use any words that can be found in a dictionary in your password.

Dictionary words are bad passwords because criminals have been using dictionary password attacks for many years. In these attacks, the computer software uses the words in a dictionary to guess your password. Adding a few numbers to a dictionary word does not provide any additional security.

There are software dictionaries for every language in the world. If you speak an esoteric language and want to use words from its dictionary, don't. Computers are very fast and can go through all the dictionaries and word permutations and combinations extremely quickly.

There are also more advanced password attack techniques that are very powerful. The password guessing software is very sophisticated. You would be amazed to see your passwords that you thought made no sense to anyone get broken (guessed) very quickly.

As long as your passwords follow some logic, rules or patterns, the password-guessing software is aware of it and will figure out the password. Cyber criminals do this for a living, you cannot beat them at their own game.

Personal Information

You should never use any personal information in your password.

Personal information includes your:

  • house and street number
  • phone number
  • anniversaries
  • social security number
  • license plate number
  • zip code
  • car model

and so on.

Passwords that are based on personal information that you think only you know are bad passwords. We live in the world where privacy is dead. It is easy to find out where you live, what your zip code is or where you went to school.

Using very private personal information like social security numbers is even more dangerous because if it gets stolen it can be used to clone your identity. Never ever use any of your private personal information on a third party website, for anything.

Websites and online service providers do not do a good job taking care of your passwords. We read about companies being broken into and hacked every day. Most don't even end up in the news.

No matter what the company that was broken into says, assume all their data has been stolen.

Those companies that do a good job protecting your personal data can still be broken into. Technology today is very complex, and there is a general lack of proven technology standards. Endless features (demanded by us, the consumers) and “smartness” that is built into the software we use every day makes it very difficult to provide a secure online and web service.

Even the companies that care about protecting your personal information and data can still be broken into.

Technology is very complex, and there is a general lack of proven technology standards. Endless features (demanded by us, the consumers) and “smartness” that is built into the software we use every day makes it very difficult to provide a secure online and web service.

Keep it simple. Don’t use your personal and private information for passwords.

Bad Password Combinations

Using combinations of bad passwords by spelling them backwards or inserting a number or special character (dot, comma, bracket, and so on) does not add any additional security.

These are all workarounds for bad assumptions, which are based on beliefs  that the password-guessing software cannot guess such passwords. It can.

In order for a password to be secure, it has to meet these requirements:

  • Impossible for a human to guess
  • Impossible for a computer to guess
  • Too time consuming for a computer to break

If your password is your birthday in combination with your cat's name, a cyber criminal will easily guess it. Finding out your birthday and cat's name could be as simple as looking at your Facebook or Instagram.

If your password can be found in a dictionary, in any language, a computer will guess it very quickly. Adding a random number sequence in front or after (123myhouse or myhouse123) makes no difference, the password-guessing software knows about this.

A more random password, for example "XM%3wxW{5A|7wT(e6,SQ" (don't use this as a password, it is only an example), a computer cannot compare to any words in a dictionary. It also cannot find it on your Facebook page. It has to perform a brute force password attack.

In a brute force password attack, the computer starts with the first password character, then second, third, and character by character, goes through all the possible combinations trying to match them in sequence that the password is in.

If such a password is 20 or more characters long, the computer will take a very, very long time. It has to go through many permutations of characters, and this can take years. The longer the combination-of-random-characters password, the longer it takes to try all the combinations of characters, numbers and special characters in the correct order.

When you use strong, secure passwords, like "XM%3wxW{5A|7wT(e6,SQ", the computer has to work very hard to figure them out. It is math, a simple and powerful concept that you can take advantage of.

The Takeaway

Cyber thieves are smarter than you are.

They use advanced techniques to guess and break your passwords. If you use bad passwords, you will get hacked.

Bad passwords you should never use include:

  • Birthdays
  • People's and pet's names
  • Words found in a dictionary, in any language
  • Personal information
  • Any combinations of the above

Strong passwords will take a computer years to figure out. No cyber thief will wait that long. They will move on to the next, easier target, to someone who uses simple passwords that can be figured out quickly.

Use strong, random, computer-generated passwords and store them in a password manager.

  1. Password Security
  2. Bad Passwords