Proof That A Lot Of People Have Awful Passwords
In case you’d not heard (where’ve you been?), LinkedIn recently had 6.5 million passwords stolen and published, in hashed form, on a website. LastPass.com has responded by creating a tool that lets you enter your own LinkedIn password and tests whether it was one of the passwords that was leaked.
Password. Pa55w0rd. PaSsWoRd.
Now I’m not for one second going to advocate typing your current LinkedIn password into this website, regardless of how many times they claim it is safe to do so. The ONLY place you should be entering your LinkedIn password is on the LinkedIn website; that’s just common sense. But what it DOES give us is the rare opportunity to test some passwords to see if people have used them. I’ve spent a little time trying some out.
Here are just a few leaked variations of the word “password”:
The Top Ten LinkedIn Passwords
According to an infographic purporting to have come from rapid7.com, the top 10 LinkedIn passwords are:
If you’ve ever considered using any of these, or any combination of these, please don’t.
Try it yourself; there are some truly awful passwords in there!
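A way to run the same kind of check locally, so a password never has to be typed into a third-party site (an added example, not code from LastPass or from the original post). It assumes the dump holds unsalted SHA-1 hex digests, some with their first five digits zeroed out, and the hash list in the script is constructed sample data rather than real leak data.

```python
import hashlib

# Assumption: some entries in the dump have their first 5 hex digits zeroed.
MASK = "00000"


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the UTF-8 password as lowercase hex (assumed dump format)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def load_hashes(lines):
    """Build a lookup set from dump lines, skipping blank or malformed entries."""
    hashes = set()
    for line in lines:
        h = line.strip().lower()
        if len(h) == 40 and all(c in "0123456789abcdef" for c in h):
            hashes.add(h)
    return hashes


def is_leaked(password: str, hashes) -> bool:
    """True if the password's digest, or its masked form, is in the set."""
    digest = sha1_hex(password)
    return digest in hashes or MASK + digest[len(MASK):] in hashes


# Constructed sample "dump", NOT real leak data. It is built from the three
# "password" variations named in this post; the third is stored masked, and
# the last line is junk that the loader must ignore.
SAMPLE_DUMP = [
    sha1_hex("Password"),
    sha1_hex("Pa55w0rd").upper() + "\n",
    MASK + sha1_hex("PaSsWoRd")[len(MASK):],
    "not-a-hash",
]

if __name__ == "__main__":
    known = load_hashes(SAMPLE_DUMP)
    for candidate in ["Password", "PaSsWoRd", "1979WtMgUtTgD"]:
        verdict = "LEAKED" if is_leaked(candidate, known) else "not in list"
        print(f"{candidate} -> {verdict}")
```

To check against a real list, pass an open file of one-hash-per-line entries to `load_hashes` in place of `SAMPLE_DUMP`.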
How To Pick A Strong Password
There are a number of tricks to choosing strong passwords, and I plan to cover what I consider the best password policy ever in a future post (edit: Never Forget Your Password Ever Again. Ever. EVER!), but to get you started, here’s a really easy way to create an incredibly strong password:
- Think of a reasonably long phrase (8 or more words ideally) that’s easy to remember. For example, “when the mites go up the tights go down” (which is one way of remembering which are stalagmites and which are stalactites).
- Take the first letter of each word of the sentence: “wtmguttgd”.
- Think of a number that has some relevance to you, perhaps the year someone you love was born, e.g. 1979.
- Now add that number somewhere in the string of letters you had: “1979wtmguttgd”.
- Choose some letters to be capitalized using whatever rule makes sense to you, e.g.: “1979WTMGUttgd”, or “1979WtMgUtTgD”.
Some more examples you might consider:
- “A stitch in time saves nine.” => “asit1983S9”
- “This is the best website in the world” => “2405titBwitw1977”
- “I hate picking passwords for websites” => “iHpP4W1066”
- “Better pick a pocket or two” => “1960Bpapo2”
Oh, and I checked, none of those passwords were amongst the compromised passwords! ;)