List of Most Common Passwords Highlights Online Threats

A Lax Approach to Internet Security Can Leave You Vulnerable

Adam Hughes
When Gawker.com was recently hacked, user names and passwords of about 200,000 subscribers were "leaked" to the Internet, where the Wall Street Journal picked them up and categorized them. The resultant list of the most common passwords is instructive, if not surprising, in its simplicity. In spite of our love of firewalls, spyware trackers, and antivirus software, the online community in general still seems hell-bent on using brain-dead passwords at all costs. In our quest to make our lives easy, we've committed the electronic equivalent of arming a car to the teeth with alarm systems and anti-theft devices and then disengaging them all, unlocking the doors, and leaving the key in the ignition. Without the first simple step of removing the key, nothing else really matters.

The Gawker list is undoubtedly fairly representative of other password repositories, so the mistakes being made here might help us avoid them elsewhere. The fact that about 2% of all Gawker folks use "123456" or "12345678" as a password leads to a fairly simple rule: no sequences of consecutive numbers. The old standby, "password," chips in for about 1% of Gawker passwords. Beyond the obvious problem here, it's generally not a good idea to use plain English words, especially ubiquitous ones (like "password") or ones that might be easily guessed (like your name). Common sense also says that it's best to avoid consecutive keystrokes ("qwerty"), Social Security Numbers, birthdays, and other personal information.
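The rules above can be turned into a simple check at password-creation time. The following is an added example, not code from the article; the word list, the US QWERTY rows, the four-character threshold and all function names are assumptions made for illustration.

```python
import re

# Sample word list: only the word the article names; a real list would be much larger.
COMMON_WORDS = ("password",)
# US QWERTY rows, an assumption used to spot consecutive keystrokes.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
DIGITS = "0123456789"
MIN_RUN = 4  # assumed threshold: 4+ characters in a row count as a pattern


def has_digit_sequence(text, min_run=MIN_RUN):
    """True if text holds min_run+ digits that count up or down by one."""
    up = down = 1
    for prev, cur in zip(text, text[1:]):
        both = prev in DIGITS and cur in DIGITS
        step = ord(cur) - ord(prev) if both else 0
        up = up + 1 if step == 1 else 1
        down = down + 1 if step == -1 else 1
        if max(up, down) >= min_run:
            return True
    return False


def has_keyboard_walk(text, min_run=MIN_RUN):
    """True if text holds min_run+ neighbouring keys of one row, either direction."""
    lowered = text.lower()
    for row in KEYBOARD_ROWS:
        for line in (row, row[::-1]):
            for i in range(len(line) - min_run + 1):
                if line[i:i + min_run] in lowered:
                    return True
    return False


def check_password(password, personal_info=()):
    """Return the article's rules that the password breaks (empty list = none)."""
    def squash(s):  # lowercase, letters and digits only
        return re.sub(r"[^a-z0-9]", "", s.lower())
    problems = []
    if has_digit_sequence(password):
        problems.append("consecutive numbers")
    if has_keyboard_walk(password):
        problems.append("consecutive keystrokes")
    if any(word in password.lower() for word in COMMON_WORDS):
        problems.append("common word")
    tokens = [squash(item) for item in personal_info]
    if any(tok and tok in squash(password) for tok in tokens):
        problems.append("personal information")
    return problems
```

An empty result only means none of these four rules fired; it is not a measure of password strength.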

So how do you construct a good password? Try finding a word or phrase with meaning to you, enhance it with some related meaningful number, and then throw in some capital letters or special characters for good measure. Consider using Leet (hacker speak) or some similar character substitution to obfuscate a fairly common word. Possibly take a cue from organizations that use passphrases rather than simple passwords and go for something sentence-like. If you can't have spaces in your password, then use underscores or capital letters.

If your new password is hard for you to remember at first, that's probably a good sign. Be creative with your password creation to ensure your online safety, and have some fun with it. Just make sure you don't leave your keys in the ignition.

Published by Adam Hughes - Featured Contributor in Arts & Entertainment and Sports

I was raised in central Indiana, where I now live (again), work, and play. I'm a chemist and mathematician by training and a software engineer by trade. I love to write and am continually amazed by the sim...