Why Are We So Lazy With Our Passwords

By now, almost everyone should have heard about the hacking of the adult cheating site Ashley Madison. Because the hackers decided to release all the information online (actually, I have no idea where they released it because I didn’t care), it’s caused a lot of grief and scandal and a few suicides; come on now, really?

Linux password file
Christiaan Colen via Compfight

As stupid as it is to join a site like that in today’s world, especially once we hear of all the website and corporations that have been hacked, what seems to be even more stupid are the most common passwords used on the site. Those passwords are: 123456, 12345, password, DEFAULT, 123456789. According to Gizmodo, the only bad password not listed in the top 25 of 2014 was ‘DEFAULT’. The password ‘123456789’ was in 6th place on their list; the other two in the top 5 were ‘qwerty‘ and ‘12345678‘.

Good grief; no wonder so many people seem to get hacked so easily. I mean, I know right now it’s very difficult to stop people who really want to get into your accounts but why make it too easy for them?

Now, I’m not going to act like I’m totally perfect; at least not in the beginning. I never used any of the passwords listed above (thank goodness I wasn’t quite that dumb), but I wasn’t above having very short passwords initially, as well as common names of things that might have been easy to figure out. Then again, back in the day there weren’t as many people hacking into accounts and there weren’t as many sites so we could get away with it.

What made me start changing up my passwords was having my business email account hacked. I never thought about it all that much until I was getting bombarded with email… from myself! lol I’d set up the email account in 2002 and given it a fairly easy password. However, I’d also started using a script on my site that I found online which turned out not to be all that secure.

Thus, I knew a lot of emails were going out in my name, which was painful enough, even after I removed the script. For a few years everything dwindled down and I thought I had it all fixed… until it started up again, this time way more intense than before. It took my hosting company to finally contact me and tell me they believed my account had been hacked for me to realize how stupid I was and to change up all my passwords, making them tougher & harder to break.

On one level that’s perfect; on another… well, I’m betting many of you know the other side. We create tough passwords but if we have a lot of things to get into it makes them difficult to remember. As I sit here right now I know that I only know the username and password for 3 of my 5 blogs, and for maybe 3 or 4 other websites I participate with in some way; that’s it. I’ll admit that I have a file on my computer that has all that information, and for many others I use Keeper, which is on my smartphone and mainly keeps passwords for wifi spots in restaurants I visit often.

We all need to either create very strong passwords or change our passwords at least every 90 days. Some IT authorities believe we should change them every 30 days, and many of you who work in corporate know that’s what you end up having to do.

However, even this might not be enough to keep you from having a bit of grief. I know this because last night I went to GoDaddy to update my subscription for this blog and, even though I’d changed my password a few months ago, I was blocked because apparently there’s someone out there trying to get into my account… probably not me personally but using software trying to get into multiple accounts. Luckily GoDaddy shuts it down after so many attempts, but it seems that changing my password does no good because you can’t change your account number without canceling your account and starting again; nope, I’m not doing that.

Since we can’t attain perfection across the board I warn you to do something to protect your interests. For me, I’d gone with harder passwords so I don’t have to constantly change them. When it comes to your blog, many of you might have missed my post about Limit Login Attempts since I wrote it in 2009, or my post on the Top 10 WordPress Plugin Recommendations I wrote here in May, which includes the one above and a couple others that will help you protect your blog.

Be smart with your passwords and usernames; protect yourself.
 

21 thoughts on “Why Are We So Lazy With Our Passwords”

  1. I got a notice from my web host saying several of my sites had been hacked and I had 24 hours to remove the malicious code or they were shutting them down. To paraphrase, they wrote, “Oh, and by the way, there is a lot of bad code and accidentally removing something you should not could break your whole site. Good luck. Oh, by the way, you can buy/subscribe to this company we partner with and they will fix your malware infected sites. 24 hours. Get on it!”
    (My rant on mafia extortion tactics removed for brevity…)
    So one thing everyone kept saying was update your WordPress plugins and CHANGE ALL OF YOUR PASSWORDS.
    So that has gotten me to thinking and one thing I came up with is along the lines on what you said Mitch about having a file on your computer with your passwords. BUT… what if you do not have your computer with you? What if you are on your tablet or smartphone and need a password for something? So what I am working on is an Excel spreadsheet with all my passwords in a password protected file that I keep in DropBox. This way all my passwords are with me as long as I have Internet access.
    Thoughts?

    1. Troy, didn’t you see that link I put in for Keeper? I use that on my smartphone. I also have a larger file that I keep in Dropbox for now, although I have to admit that with all the hacks that one scares me a little bit.

      I’m having an issue with code on my oldest blog as well. Trying to upgrade it to PHP 5.4 but it won’t take for some reason. The host can’t help me; irritating and frustrating but I trust me to figure it out some day.

  2. Yes I saw KEEPER but did not click through to research what exactly it is.
    Today is my day off and my main missions are to look for a job and post pictures of some of my work on my Facebook page as well as update LinkedIn etc. All those things people do when they find themselves without a job. :/
    “Every new beginning comes from some other beginning’s end.”
    Anyway, glad you have your password issue under control.

  3. The bakery I worked for was sold and the new owners say that want me but I am not gonna wait around to find out. Gotta be proactive. There are some good leads out there for someone like me so…
    Check out the Treats By Troy album on my Facebook. More pics being added almost daily. LOL!

  4. The most basic security measure you can use to guard against this is to have multiple passwords for your different online accounts – whether they are for personal or business use. And don’t just think of easy passwords, like your birthday or wedding anniversary – these are usually the first thing hackers try. The best passwords are alphanumeric – composed of both letters and numbers so that it’s harder to crack.

    1. That’s true Purushottam (is there a shorter name I can call you by? lol), though they can be hard to remember. Maybe one of my idea in this post will help some.

      1. Thank you! you are right, my name is big and hard to remember. Actually my full name is Purushottam Kumar Thakur. But you can call me Thakur or Uttam.

  5. My apologies for not having noticed that the email automatically showed one that I had discarded. I shall be more careful in future comments. I hope that this works from now on.

      1. Me too. One of my email accounts got hacked a few years ago and they sent out an email to everyone in my address book. I had to immediately reset my password and then send out an apology email letting everyone know that it was not me that sent it. I wasn’t even using one like ‘1234567’ or ‘qwerty’.

        I have been using very difficult passwords ever since.

  6. Honestly I am not surprised about the idea diversity of most people. I try to constantly change my passwords every 2 – 3 months. But yeah, over the past years I have created basically a database for all my accounts.

    I am exited about Keeper, never heard of it before.
    Do you know whether there is a reminder for udpates on passwords, or if you can note it somewhere with the Login information, so that you can always see when you alst changed it?That would be great.

    Sorry, for focussing to much on Keeper. I started tipping this comment, when I opened up your post for Keeper.

    1. There’s no reminder on Keeper for that as far as I know. On that front you’d have to set an alarm elsewhere. As for passwords in general… I hate changing them, but I’ll do it every once in a while if my mind starts believing that it might be too easy for someone to crack.

      1. Thanks Mitch. A reminder would have been wonderful. But anyways I will consider giving it a try.

  7. My husband and I made the mistake of having the same password for all accounts. Someone hacked one thing and had access to everything. Now we have random passwords for everything. We haven’t had a problem sense.

    1. Glad you owned up to that Tanya. I understand that because back in the day I had the same username & password for every site I visited. Course, back then we didn’t have to worry about hackers or people coming up with software to crack sites we joined. I know a little better now; whew! πŸ™‚

Comments are closed.