
A weak password, one that can be easily guessed, is almost as bad as no password at all.

For example, if you use a password that conforms to common patterns that most people tend to use, it can be easily guessed. According to Wikipedia, repeated research has demonstrated that around 40% of user-chosen passwords are readily guessable because of the use of these patterns:

  • blank (none)
  • the words "password", "passcode", "admin" and their derivatives
  • the user's name or login name
  • the name of their significant other or another relative
  • their birthplace or date of birth
  • a pet's name
  • automobile licence plate number
  • a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters
  • a row of letters from a standard keyboard layout (e.g., the qwerty keyboard -- qwerty itself, asdf, or qwertyuiop)

So, the lesson here is simple, and becomes Maxim #4:
Use an unguessable, or difficult-to-guess, password always.
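
The patterns in the list above can be checked mechanically when a password is chosen. The following is an added example, not part of the original article: the function names, the letter-substitution table used for "derivatives" and the sample values are assumptions made for illustration.

```python
import re

COMMON_WORDS = {"password", "passcode", "admin"}   # words named in the list
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
LEET = str.maketrans("013457@$!", "oieastasi")     # assumed "derivative" spellings


def variants(password):
    """Undo the simple modifications: case, trailing digits/symbols, reversal, leet."""
    base = password.lower()
    stripped = re.sub(r"[\W\d_]+$", "", base)
    forms = set()
    for form in (base, stripped):
        forms.update((form, form[::-1], form.translate(LEET)))
    forms.discard("")
    return forms


def personal_tokens(facts):
    """Split facts (names, birthplace, date of birth, plate) into comparable tokens."""
    tokens = set()
    for fact in facts:
        parts = re.findall(r"[a-z0-9]+", fact.lower())
        tokens.update(parts + ["".join(parts)])
    return {t for t in tokens if len(t) >= 3}


def weak_reasons(password, personal_facts=()):
    """Return the sorted list of patterns from the article that the password matches."""
    if password == "":
        return ["blank"]
    reasons = set()
    tokens = personal_tokens(personal_facts)
    for form in variants(password):
        if any(word in form for word in COMMON_WORDS):
            reasons.add("common word")
        if any(token in form for token in tokens):
            reasons.add("personal detail")
        if len(form) >= 4 and any(form in row for row in KEYBOARD_ROWS):
            reasons.add("keyboard row")
    return sorted(reasons)


if __name__ == "__main__":
    facts = ["Ken Smith", "Rex", "1975-04-12"]     # constructed sample details
    for pw in ("", "P@ssw0rd!", "nimda99", "qwerty123", "Rex1975"):
        print(repr(pw), weak_reasons(pw, facts))
```

An empty result only means that none of these listed patterns matched, not that the password is unguessable.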

What's an unguessable password? I'll cover that in the next issue.


Ken Harthun is the Security Editor for Daves Computer Tips. He also writes about security issues for IT Knowledge Exchange and blogs on general Geek things at Ask the Geek. You can read more about Ken here.