The 6 Worst Password Ideas

November 29, 2012

Making a good password is more important than ever. With as many sensitive accounts – email, credit cards, shared documents – as we have online today, there’s simply no excuse for using bad passwords. You should always create a password that is easy for you to remember but would be very difficult for a stranger to guess. That may sound like a contradiction, but it’s not as difficult as it seems.


Still, some people haven’t caught on to that yet. Here’s a list of the six worst ideas for creating passwords.

  1. Simple, successive: It might be easy for you to remember ‘123456,’ or ‘qwerty,’ but guess what: Anyone who has ever seen a keyboard will be in your email in about 30 seconds. Making your password the same as, or related to, your login is also a serious mistake. Remember, when it comes to creating passwords, simplicity is bad, and complexity is your friend.
  2. The name of a loved one: You might love your mom to pieces, but using her name as the key to all things dear to you is easy pickings for an attacker. Your favorite niece’s name or your dog’s name isn’t any better, especially when that information might be posted on your Facebook page for all to see.
  3. Getting cute: Yes, the goal of a password is to keep people out. But using that theme as your password – ‘password,’ ‘keepout,’ ‘letmein,’ ‘stayaway’ – will have exactly the opposite result of what you’re looking for.
  4. Cool words: Some words are cool and easy to remember. That also means that they aren’t just on the tip of your tongue – they’re on the tip of hackers’ tongues too. Stay away from words like ‘dragon,’ ‘mustang’ and ‘ninja.’
  5. Sports!: Everybody loves sports, right? Well, hackers do too. If you’re inclined to pick your favorite sport as your password – don’t. Words like ‘football,’ ‘baseball,’ or ‘soccer’ aren’t worth the digital pixels that created them.
  6. Simple fixes: Taking passwords that are simple and adding the slightest of curveballs won’t work either. Just because you added a numeral or an exclamation mark – ‘passw0rd,’ ‘basebalL,’ ‘mother!’ – to your easily decodable entry key doesn’t mean your accounts are secure. They aren’t. It’s important to mix lower case letters, upper case letters, numerals and special characters into your password, but don’t be predictable about it.
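
For anyone writing a signup or password-change check, the six classes above can be tested mechanically. The sketch below is an added example, not code from Kaspersky; the names `weakness`, `variants`, `NAMED`, `RUNS` and `LEET` are assumptions of this example, and the word list is constructed from the passwords the article itself names.

```python
import re

# Constructed blocklist: only the passwords this article names.
NAMED = {"password", "keepout", "letmein", "stayaway", "dragon", "mustang",
         "ninja", "football", "baseball", "soccer"}
# Keyboard rows and counting runs, for the "simple, successive" class.
RUNS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz")
# Look-alike substitutions (an assumed, non-exhaustive table).
LEET = str.maketrans("013457@$", "oleastas")

def variants(password):
    """Forms that simple guessing rules also reach: case-folded,
    trailing digits/punctuation dropped, look-alikes undone."""
    low = password.lower()
    core = re.sub(r"[\d\W_]+$", "", low)
    return {low, core, low.translate(LEET), core.translate(LEET)} - {""}

def weakness(password, login="", personal=()):
    """Return which of the article's classes the password falls into,
    or None if none of these checks matches."""
    forms = variants(password)
    low = password.lower()
    if len(low) >= 4 and any(low in r or low in r[::-1] for r in RUNS):
        return "keyboard or counting sequence"
    if login and any(login.lower() in f for f in forms):
        return "related to login"
    for word in personal:  # names of family, pets and so on
        if word and any(word.lower() in f for f in forms):
            return "name of a loved one"
    if forms & NAMED:
        return "common word, possibly with a simple fix"
    return None
```

A `None` result only means none of these patterns matched; it is not a measurement of strength.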

What you can do: Develop complex passwords with a mix of lower and upper case letters, numbers and special characters and ensure you use a different password for each site, according to Dmitry Bestuzhev, a Kaspersky Lab researcher. “Remember, you can’t stop your service provider being hacked, but you can avoid a bigger disaster when all of your accounts get compromised at once just because you used the same password,” he said.

If you have trouble remembering or creating strong, complex passwords, try Kaspersky Password Manager, which can handle those duties for you and stores your passwords in a cryptographically secured state.