Experts list five of the dumbest mistakes in choosing a password

Online hackers still have it too easy. Way too many people choose passwords that are either too short or too simple or use the same password too often when they are trying to protect sensitive information and data. 

Luckily there are some tips on how to avoid the dumbest mistakes when picking a password.

Don’t use your user name as your password too.

Users should never include their own name, user name, email address or personal data in the password. That makes it too easy to figure out a password with just a little bit of research, the Hasso Plattner Institute for Software Systems Engineering (HPI) said in Potsdam, Germany. 

Real words a giveaway.

Words out of a dictionary have no place in a password, as the right programme can crack into the system in no time.

"Current password crack programmes can try about 1,500 different combinations per second," said professor Christoph Meinel from HPI. 

It is not even good to use proper names or set phrases like "iloveyou" or simple combinations such as "1c2d3e," since they are fairly predictable as well. 

The HPI suggests a mix of words, numbers and symbols. Start with a phrase like, "I always have trouble remembering passwords at 10:30 p.m.!" and turn it into the password "Iahtrp@10:30pm!". 

Exact spelling makes you vulnerable.

"Password" or "letmein" are also insecure passwords because they use conventional spelling. The HPI recommends substituting capital and lower-case letters, numbers and extra characters in a quirky way that is easy to remember. "LeTm€1n" for example is more secure. 

Don’t make it too short.

"123456" is not just a bad password because it's predictable, but also because it is only six characters long. The shorter it is, the easier it is to crack. Passwords should be at least eight characters, according to the HPI.

The German Information Security Office suggests passwords should be at least 12 characters long.

One-for-all doesn’t do the trick.

While using one password to log in everywhere may be practical, it is also extremely dangerous.

Those who use one password for various services are offering a goldmine to a successful hacker. If the hacker guesses the password right one time, then all of the other services such as email, social networks and shopping access are jeopardized. 
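The five checks above can be run as a local audit over a set of saved logins. This is an added example, not part of the original article or any HPI tool; the word list, user details and service names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample list; a real audit would load a full dictionary file.
WORDLIST = {"password", "letmein", "iloveyou", "123456", "1c2d3e"}
MIN_HPI = 8    # minimum length attributed to HPI in the article
MIN_BSI = 12   # minimum attributed to the German Information Security Office

def check_password(password, personal_data, min_length=MIN_BSI, wordlist=WORDLIST):
    """Return findings for one password; an empty list means no check fired."""
    findings = []
    lowered = password.lower()
    # Name, user name, email address (and its local part) or other personal data.
    tokens = set()
    for item in personal_data:
        tokens.add(item.lower())
        tokens.add(item.lower().split("@")[0])
    if any(len(t) >= 3 and t in lowered for t in tokens):
        findings.append("contains personal data")
    # Dictionary words and set phrases in conventional spelling.
    if any(word in lowered for word in wordlist):
        findings.append("contains dictionary word or set phrase")
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    return findings

def audit_vault(entries, personal_data, min_length=MIN_BSI):
    """entries maps service -> password; returns service -> list of findings."""
    report = {svc: check_password(pw, personal_data, min_length)
              for svc, pw in entries.items()}
    # One password for several services: group services by password.
    by_password = defaultdict(list)
    for svc, pw in entries.items():
        by_password[pw].append(svc)
    for services in by_password.values():
        for svc in services:
            others = sorted(s for s in services if s != svc)
            if others:
                report[svc].append("reused on: " + ", ".join(others))
    return report

# Constructed sample data (hypothetical user and services).
SAMPLE_PERSONAL = ["alice", "alice@example.com"]
SAMPLE_VAULT = {"email": "Iahtrp@10:30pm!", "shop": "alice1985",
                "social": "letmein", "forum": "letmein"}

if __name__ == "__main__":
    for service, findings in audit_vault(SAMPLE_VAULT, SAMPLE_PERSONAL).items():
        print(service, "->", findings or "no findings")
```

Run against the article's own examples, "Iahtrp@10:30pm!" produces no findings, while "LeTm€1n" clears the spelling check but is seven characters long, below both stated minimums.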

Last update: Sat, 03/09/2016 - 01:26