Bad passwords guide

05/03/2018
G DATA Blog

How beautiful life could be without passwords. They prevent others from accessing our data and computers. By sticking to just a few rules, you can create passwords that everyone can use.

Passwords, passwords, passwords. Passwords everywhere. The internet is teeming with them. And even for my PC and my smartphone I need these annoying watchwords. It could be so simple. When Paul Watzlawick published his book "The Pursuit of Unhappiness" in 1983, passwords were in use mostly in military environments. Otherwise he would have dedicated a chapter to them. We can't make up for this shortcoming, but we would like to provide a few tips in the spirit of Paul Watzlawick and show how passwords become less frightful.

#1 One password for all circumstances

There are many opportunities to set up passwords. Resist the impulse to use different passwords and stick to the motto "Never change a working password". In the end you run into trouble if you don't.

#2 Never change passwords

You shouldn't change a proven password. Never. Even if the press is in a panic about the latest breach. All the time you need to click through the configurations can be better spent. In the end you risk that it no longer works. If your service provider or employer forces you to update your passwords, simply add a digit or the year.

Priority #1 - easy to remember

The most important aspect of a password is that you don't forget it. Otherwise you can't log in, and in the worst case your data is gone.

  • The password should be short and concise. The longer it is, the more you have to type afterwards.
  • Choose a term from your immediate environment. E.g.:
    • First name or nickname of your partner or pet
    • Your car's license plate
    • The place of your residence or your street name
    • A year (birth, wedding, current)
    • The PIN code of your credit card
    • Completions of the phrase "My password is ..." are quite popular, like "secret", "incorrect", "a lie" etc.
  • Only use lowercase characters from the English alphabet. Or - even better - use digits only. This also works on smartphones or with the credit card. Spare yourself the trouble with special characters and avoid them.
  • If you can't think of a nice expression:
    • Run your finger across the keyboard. You don't have to remember the resulting character sequences if you know where you started and stopped. Quite popular are e.g. "1234", "asdf" or "1qay".
    • Consider selecting a password from one of the many lists of popular passwords. These expressions are proven and tested by many satisfied users.
    • Check the popularity of your password on this site. The more frequently it has been used, the more people are happy with it. (N.B. the Amazon-ish recommendation "users who used this password also used this one" is of no use if you stick to rule #1. Unfortunately you cannot promote your password there. If you are really fond of your password you might create a Facebook group with other users of this password.)
  • Make sure the password you choose can be guessed or derived easily. Your colleagues, family, and neighbors are surely happy to help you out if your password refuses to come to mind.

In case you forgot your password

The worst thing about passwords is that they fade away just when you need them most. Be prepared for that worst case.

  • You don't need a password manager. What's the use of a program that saves your password if you need the forgotten item to access it?
  • It is much easier to save the password in a Word or TXT document. For convenient access you can put it in a nice spot on your desktop.
  • Let your browser save passwords for you. If the browser keeps them, you don't have to remember them.
  • No matter whether at home or in the office: a Post-it on your monitor, pinboard or desk has often made sure that access is granted.

Hopefully these tips have guided you to the conclusion that the situation is hopeless, but not serious.