Passwords (Not) As Easy as 123

Wired’s Kim Zetter reports over at the Threat Level blog (“Most Common Hotmail Password Revealed!”) that “a researcher” did a study of the compromised Hotmail, MSN, and Live.com passwords and found that “123456” was the most common password.

Are you kidding me?  C’mon people, we can do better than this. If this wasn’t so damn pathetic, it would be funny.

There are a lot of tips and tricks for creating passwords that you will remember.  The difficult part for most people, I think, is coming up with a password that is not only easy to remember, but secure and strong as well.  For too long, many of us have assumed that if you can create a password that meets even one or two of these criteria you are doing well.

My two teens can attest to how many different “vaults” I have inflicted on them when I opted for creating very secure passwords over passwords that I had much hope of remembering. And my schemes really fell apart when I could not remember the passwords for the password vaults!

Finally, I read a great technique for creating passwords.  The method is very simple, generates very strong passwords, and inherently produces passwords that are easy for you to remember.

Here it is:  Use a common, secret, but nonobvious, “root” (some series of letters and numbers that are so meaningful for you that you will never forget them) as the basis for your password.  Use this same common root every time you create a new password.  But – to complete each new password, use a secret (but easy to remember) formula (and the same formula every time) that will generate a series of letters and numbers specific to the website or link.

As an example, if you used the word “yes” as the root of your password, and then customized each password by using the first two letters (in upper case) of the name of the website, then added the two numbers (say, “07”) that were meaningful, and then added the last two letters of the website (in lower case), then your password for Yahoo would be: yes + YA + 07 + oo, or yesYA07oo.  Your password for Google would be:  yes + GO + 07 + le – resulting in the password “yesGO07le”.  You could obviously come up with your own very creative (but memorable) variants of this technique.

This method is very secure because you are mixing letters and numbers, mixing upper case and lower case, and because you are using a different password for every website.  The password is easy to remember because you are using the same root every time, and then customizing the password the same way every time.
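
The formula above, written out as an added example (not code from the original post). It also counts how many character positions come out identical on every site, which is the part of each password that does not depend on the website. The function names and the choice to ignore non-letter characters in a site name are assumptions made for the example.

```python
import re

def site_password(root, site, digits):
    """Root + first two letters (upper case) + digits + last two letters (lower case)."""
    # Assumption: only the letters of the site name are used; anything else is ignored.
    letters = re.sub(r"[^A-Za-z]", "", site)
    if len(letters) < 2:
        raise ValueError("site name needs at least two letters for this formula")
    return root + letters[:2].upper() + digits + letters[-2:].lower()

def shared_positions(passwords):
    """Count character positions that hold the same character in every password."""
    shortest = min(len(p) for p in passwords)
    return sum(1 for i in range(shortest) if len({p[i] for p in passwords}) == 1)

def summarize(root, digits, sites):
    """Build each site's password and report how much of it is site-independent."""
    passwords = {site: site_password(root, site, digits) for site in sites}
    return passwords, shared_positions(list(passwords.values()))

if __name__ == "__main__":
    # Root, digits and site names are the ones used in the example above.
    passwords, shared = summarize("yes", "07", ["Yahoo", "Google"])
    for site, pw in passwords.items():
        print(f"{site:8} {pw}")
    print(f"{shared} of {len(passwords['Yahoo'])} positions are identical across sites")
```

With the post's root and digits, five of the nine characters are the same on every site; the other four are taken from the site's name.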

But “123456”, really?  Really?
