Why Are We So Lazy With Our Passwords
Posted by Mitch Mitchell on Sep 14, 2015
By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?
As stupid as it is to join a site like that in today’s world, especially once we hear of all the website and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty‘ and ‘12345678‘.
Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?
Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.
What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.
Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.
On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.
We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.
However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.
Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.
Be smart with your passwords and usernames; protect yourself.