Wednesday, October 24, 2012

Password Puzzle

The other day I got an email from a friend. In this email, sent from his AOL account, he asked if I could send him money in England because he was recently robbed while visiting and needed my help in this time of crisis. The good news was that he was so organized he was able to tell me exactly where to send the cash. I found this email especially fascinating since I talked to the same friend the other day and he didn't mention this trip and he hasn't used that email account in years. Obviously, I concluded his account had been hacked, quickly deleted the email and thought nothing more of it. However, because the universe is funny, this afternoon I had my attention directed to an article on the technology website, PCWorld. In it they talked about the 25 worst passwords you can have for your computer. As you can imagine, there isn't much in the way of groundbreaking insight in the article because it essentially points out that the less imaginative your password, the easier it would be for a hacker to crack. Some of the easier-to-figure-out yet still-popular codes they discovered that people are using include '1234', 'qwerty', 'password', 'jesus', 'abc123' and, for some reason, 'monkey'. Even the ones people used to think were creative just a few years ago, such as 'letmein', are not only on the "Too easy" list, they are in the top ten. At first glance the article is the kind of thing which makes you feel better about yourself because even if your password isn't the hardest thing to figure out, at least you are doing better than these people. (Unless of course, your password is on here somewhere, in which case you're welcome for bringing it to your attention.) But if you read a little deeper you realize that even though this article may not be exactly about you, you could still learn a thing or two.

What mostly concerned me about the article was the fact that PCWorld felt the need to point this out, because it means a lot of people either don't know or don't care about password strength. You would think that in this day and age, when more and more business is being done online, people would be willing to spend a few extra seconds on coming up with a password that is a little creative. Most websites will even give you a meter to let you know how strong your attempt is so people no longer have the excuse of simply assuming their selection is mind-boggling to a hacker. Seriously, at this point if you are using '111111' as your password then a small piece of me thinks you probably deserve what is coming to you. Now, the only flaw in the article is that it didn't tell the reader what kind of site these people were using these simple passwords on, which does matter. I know I certainly have a harder password for my emails than I do for my fantasy football league. I can only hope that these people were using these code words to protect inconsequential data. It is one thing when you have an incredibly unimaginative password to connect to the printer at work because it is not like hackers will be spending hours trying to break on through and even if they manage to break in they can't really do much damage. But when a password is all that stands between you and a random person having access to your banking records I don't think 'easy to remember' should be high on your list of priorities.

The other thing the article points out is that too often people use the same password for everything, which is just as bad. I know trying to remember a different password for every website you visit sounds like a pain but it beats the alternative, which in the real world would be like having your house keys also start your car. You can't stop people from trying to mess with your stuff but you don't have to turn yourself into a one-stop shopping center for hackers. Now, I've been lucky in that any hacking of my email or other such things has been pretty light and quickly corrected. For the longest time I have assumed this is because I really don't have an online identity worth stealing. Also, I'm online all the time, which would make sneaking in unnoticed kind of difficult. However, thanks to people I follow on Twitter constantly asking me if I want to learn how to make thousands of dollars working from home simply by clicking on a link, I am becoming increasingly aware that sometimes hackers go after random people for no real reason. So, this article made me kind of paranoid and considering one of the words I have used as a password previously appears on this list my concern appears to be justified.

That is why the main thing this article really achieves is fear. I don't care how secure you think the password you have picked out is, seeing an article like this will cause you to question if it is really strong enough. Personally, I think a little reminder that maybe we aren't as secure as we all think we are might not be the worst thing in the world. A little nudge to go back and double-check our password strength could be just what we all need, especially when you consider most people only change their work passwords because either their company upgrades software or the current system will only allow them to keep the same one for so long. When you consider most people don't bother to update their personal passwords for even longer, maybe we could all do with a little beefing up of our email security. If passwords which were once thought to be pretty strong, such as 'trustno1', can make it onto this kind of list, it's pretty safe to assume the same password you have had for your email since the day you signed up isn't much harder than that. Even worse is that you don't know you've been hacked until it is too late. Now, if you'll excuse me I'm off to change every password I have. Also, if you actually get robbed while in England I suggest calling me because if you send an email I'm just going to assume you've been hacked.
