(WebHost Blog) I have a mental list of the 30 passwords I use on a daily basis. These passwords are never less than 8 characters and they include all manner of things from caps, to numbers, odd characters, and if I am allowed really crazed ASCII characters (which I am only rarely allowed). Not to toot my own horn or anything, but I am pretty paranoid when it comes to passwords; if I wrote a password down on a strip of paper you can bet your bottom dollar that I will eat said paper (or toss it into my paper shredder, but that just doesn’t have the same sort of… hmm… we’ll call it RAAAAARRRGGGHGHGH!!!1!!1one!)
I have a number of Yahoo and Gmail accounts (used when giving emails to sites that I know will spam the heck out of me later), so when I heard about the Hotmail, Yahoo, Gmail email phishing scheme, I went online, changed all my passwords, and told anyone who would listen to do the same. But this is not the good bit.
You may ask what is the good bit? The good bit is, the phishers posted the passwords and a few enterprising security researchers uncovered one of the saddest lists of passwords ever conceived by human or beast!
For instance, only 6% of Hotmail passwords contained a mix of letters, numbers, and characters. More than 60% were either all lowercase or all numbers. And now for the fun part, the top 10 most used passwords!
10. estrella (which I thought quite odd)
Now in all fairness, I imagine a lot of people are like myself when it comes to these sorts of “throw-away” email accounts. I am not really concerned about the information contained in there since a great deal of it is spam and most of it really doesn’t matter. However, I realize that some of the email contains passwords for forum accounts and the like and that is why I keep the passwords fairly strong (and why I changed the passwords, since I don’t want to find out that a forum account or two of mine was hijacked).
So with that in mind, I am hoping that the passwords are a little stronger on something like corporate accounts. Instead of 6% having a mix of characters, numbers, and letters, I will wager it's probably closer to 15%, which is still abysmal, but nearly 3 times better than Hotmail passwords.
Making stronger email passwords is not so hard a thing. They can even be somewhat personal and still be strong. Take a fact you know about yourself that no one else does (I am sure we all have those sorts of things) and capitalize one or two of the letters. Next, replace a letter or two with characters that look similar and voilà! You have yourself a strong password that can be more easily memorized. If you have major problems remembering, get yourself an encrypted key drive, put your passwords in a text file, change the file type of the file (like make it restaurant.jpg instead of password.txt), put it in an encrypted archive, put that in an encrypted archive, put that on the key. Add that key drive to your key chain. There you go… just never misplace your keys.
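The composition figures quoted above (6% mixed, more than 60% all lowercase or all numbers) come from bucketing each password by the character classes it contains. The following is an added example, not part of the original post, that does the same over a constructed sample list and flags entries below the post's own bar of at least 8 characters with letters, numbers, and other characters; the function names and sample values are assumptions.

```python
from collections import Counter

MIN_LENGTH = 8  # the post's own floor: "never less than 8 characters"

def char_classes(password):
    """Return the set of character classes present in a password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")  # punctuation, spaces, anything else
    return classes

def category(password):
    """Bucket a password the way the quoted statistics are phrased."""
    classes = char_classes(password)
    if classes == {"lower"}:
        return "all_lowercase"
    if classes == {"digit"}:
        return "all_numeric"
    has_letter = bool(classes & {"lower", "upper"})
    if has_letter and "digit" in classes and "symbol" in classes:
        return "mixed"
    return "other"

def audit(passwords):
    """Return (percentage per bucket, entries that miss the post's bar)."""
    if not passwords:
        return {}, []
    counts = Counter(category(p) for p in passwords)
    percentages = {k: round(100 * v / len(passwords), 1) for k, v in counts.items()}
    weak = [p for p in passwords
            if len(p) < MIN_LENGTH or category(p) != "mixed"]
    return percentages, weak

# Constructed sample values for illustration; not taken from the leaked list.
SAMPLE = [
    "estrella", "sunshine", "iloveyou", "12345678", "20091005",
    "Summer09", "qwerty12", "k7#Vd!q2Lm", "dragon", "Blue$ky77",
]

if __name__ == "__main__":
    percentages, weak = audit(SAMPLE)
    print(percentages, len(weak))
```

Run during password creation or reset, while the plaintext is still available; stored hashes cannot be classified this way.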
About David Dunlap
Over the past ten years David has been a prolific author of hundreds of blogs, commentaries and reviews found here on WebHostBlog.com, as well as WebHostMagazine.com and other sites around the Internet. David manages the daily operations at both WebHostBlog and Web Host Magazine & Buyer's Guide, and as the head editor, David uses his unique analytical skills to ensure that both sites maintain their integrity and tough, but fair minded, reputations. Prior to his active career analyzing the Web Host industry, David specialized in networking and communications for the U.S. government. David's expertise in traditional and search engine marketing has helped boost companies both inside and outside of the Web Host industry.