2 August 2007
Hackers and thieves love bad passwords because they’re easy to guess. You might be surprised at how easy it is to guess common password-types. And if a thief can guess your email password, she may be able to get at your bank account or other sensitive information, whether or not you use the same password for both accounts.
Consider this scenario. A hacker finds your personal email address somehow. Then, she guesses your email password. Next, she goes to your bank’s website and claims that she’s lost her password. “No problem,” says the bank website. “We’ll send your password to your email address”. And she’s in.
Good banking websites will usually have a little more protection than that (such as personal identification questions), but these are often easily guessed.
Here’s a list of passwords-types that hackers already know about – they use lists like this one to guess passwords:
- Your name or a partner’s, child’s, or pet’s name (possibly followed by a 0, 1, or postal code)
- Any of your social security number digits
- 123, 1234, or 123456
- password, letmein, itsme, love, money
- The name of your house, street, city, home country, holiday location
- Anything to do with your car (make, model, licence plate number)
- Any word in the dictionary (yes, really)
- Months of the year and days of the week (especially birthdays)
- Names of films, film stars, celebrities
- References to TV shows, movies, or written fiction (including character names)
In the next post, I’ll tell you about a good way to make strong and memorable passwords.
Read more about passwords