Experts list five of the dumbest mistakes in choosing a password

Online hackers still have it too easy. Way too many people choose passwords that are either too short or too simple or use the same password too often when they are trying to protect sensitive information and data. 

Luckily there are some tips on how to avoid the dumbest mistakes when picking a password.

Don’t use your user name as your password too.

Users should never include their own name, user name, email address or personal data in the password. That makes it too easy to figure out a password with just a little bit of research, the Hasso Plattner Institute for Software Systems Engineering (HPI) said in Potsdam, Germany. 

Real words a giveaway.

Words out of a dictionary have no place in a password, as the right programme can crack into the system in no time.

"Current password crack programmes can try about 1,500 different combinations per second," said professor Christoph Meinel from HPI. 

It is not even good to use proper names or set phrases like "iloveyou" or simple combinations such as "1c2d3e," since they are fairly predictable as well. 

The HPI suggests a mix of words, numbers and symbols. Start with a phrase like, "I always have trouble remembering passwords at 10:30 p.m.!" and turn it into the password "Iahtrp@10:30pm!". 

Exact spelling makes you vulnerable.

"Password" or "letmein" are also insecure passwords because they use conventional spelling. The HPI recommends substituting capital and lower-case letters, numbers and extra characters in a quirky way that is easy to remember. "LeTm€1n" for example is more secure. 

Don’t make it too short.

"123456" is not just a bad password because it's predictable, but also because it is only six characters long. The shorter it is, the easier it is to crack. Passwords should be at least eight characters, according to the HPI.

The German Information Security Office suggests passwords should be at least 12 characters long.

One-for-all doesn’t do the trick.

While using one password to log in everywhere may be practical, it is also extremely dangerous.

Those who use one password for various services are offering a goldmine to a successful hacker. If the hacker guesses the password right one time, then all of the other services such as email, social networks and shopping access are jeopardized. 
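The five checks above can be expressed as a short script. This is an added example, not code from the HPI or from this article; the function name, the sample list of predictable passwords, the user "alice" and the `vault` parameter are assumptions made for illustration.

```python
# Constructed sample list taken from the article's own examples; a real
# check would load a full dictionary and a list of common passwords.
PREDICTABLE = {"password", "letmein", "iloveyou", "123456", "1c2d3e"}
HPI_MIN_LENGTH = 8    # minimum according to the HPI
BSI_MIN_LENGTH = 12   # minimum according to the German Information Security Office


def check_password(password, username, email, personal_data=(), vault=None):
    """Return which of the article's five mistakes `password` makes.

    `vault` (hypothetical) maps service name -> password already in use,
    as a local password manager would hold it.
    """
    findings = []
    lowered = password.lower()

    # Mistake 1: name, user name, email address or personal data inside it.
    identity = {username, email, email.split("@")[0], *personal_data}
    if any(len(p) >= 3 and p.lower() in lowered for p in identity):
        findings.append("contains personal data")

    # Mistakes 2 and 3: a real word or set phrase in conventional spelling.
    if lowered in PREDICTABLE:
        findings.append("dictionary word or set phrase")

    # Mistake 4: too short.
    if len(password) < HPI_MIN_LENGTH:
        findings.append("shorter than 8 characters")
    elif len(password) < BSI_MIN_LENGTH:
        findings.append("shorter than 12 characters")

    # Mistake 5: the same password already protects another service.
    reused = sorted(s for s, p in (vault or {}).items() if p == password)
    if reused:
        findings.append("reused on: " + ", ".join(reused))

    return findings


if __name__ == "__main__":
    for candidate in ("123456", "LeTm€1n", "Iahtrp@10:30pm!"):
        print(candidate, check_password(candidate, "alice", "alice@example.com"))
```

Run against the article's own examples, "123456" fails on both predictability and length, "LeTm€1n" is flagged only for length (it has seven characters), and "Iahtrp@10:30pm!" passes every check until it is reused on a second service.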

Last update: Sat, 03/09/2016 - 01:26