Monday, January 30, 2012

Is Your Password (Still) 123456?

The Goodson Blogson has written before on the topic of weak passwords, which are sadly common in cyberspace. Back then, our post on the topic cited a 2007 study of the most popular—and vulnerable-- online passwords, including 123456, password, qwerty, and abc123. In November, the password-management outfit SplashData released a list of the "25 Worst Passwords of 2011", which revealed that those laughably bad passwords remain at the top of the list more than four years later (and no, "passw0rd" – which also made the 2011 list – isn't really an improvement).

To help combat this crummy-password epidemic, gadget blog Gizmodo has declared Wednesday, February 1st to be “Change Your Password Day”. Their site explains the vulnerabilities in common passwords, and offers tips for strengthening them, including strategies for creating a memorable “pass phrase” which incorporates more difficult-to-crack length and a variety of letters, numbers and symbols. Duke’s own IT Security Office also maintains a page of helpful tips for selecting passwords that are both strong and memorable.

Gizmodo has also created a helpful list of “The Best Times to Change Your Passwords”, which depends upon the sensitivity of the information stored in the account. But for many readers, it’s obvious that the correct answer is “right now.” For assistance with your email and account security, visit the Academic Technologies Help Desk.