Merlin Software’s chief architect, Mike Pnematicatos, talks about the worrying and continued use of weak passwords to access sites containing personal data, and gives some top tips on how to set a strong password to prevent your own life being hacked.
It’s 2015 and for years now many of us have been logging onto the World Wide Web (the Interweb as technophobe James May from Top Gear calls it). So it would be fair to expect that we would have a good understanding of the importance of a strong password by now.
After all, a good password will stop you being hacked or your identity being stolen.
But clearly this is not the case if we look at the annual list of the worst passwords issued earlier this year by SplashData.
SplashData compiled the 3.3 million stolen passwords made public throughout the year and assembled them in order of popularity – and 2014 was, well, a little worrying.
Here’s the list of SplashData’s worst passwords of 2014 (and their position in relation to 2013):
1 – 123456 – No Change
2 – password – No Change
3 – 12345 – Up 17
4 – 12345678 – Down 1
5 – qwerty – Down 1
6 – 123456789 – No Change
7 – 1234 – Up 9
8 – baseball – New
9 – dragon – New
10 – football – New
11 – 1234567 – Down 4
12 – monkey – Up 5
13 – letmein – Up 1
14 – abc123 – Down 9
15 – 111111 – Down 8
16 – mustang – New
17 – access – New
18 – shadow – Unchanged
19 – master – New
20 – michael – New
21 – superman – New
22 – 696969 – New
23 – 123123 – Down 12
24 – batman – New
25 – trustno1 – Down 1
The list demonstrates the importance of keeping names, simple numeric patterns, sport and swear words out of your passwords. And who could have guessed there are so many Michaels out there!
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
So how can you pick a safe and strong password?
One tip when registering on a website where you are asked to use your email address as your user name is to never use the same password that you use for your email account.
If the website gets hacked and your user name and password are compromised, the hacker can easily log on to your email account using the same email address and password you used for the obscure website you registered on.
Other top tips for choosing a password according to SplashData include:
- Don’t use a favourite sport as your password
- Don’t use a favourite team
- Don’t use your birthday or especially just your birth year
- Don’t use your name or your children’s names
- Don’t use swear words and phrases, hobbies, famous athletes, car brands, and film names
- Use passwords of eight characters or more with mixed types of character
- Avoid using the same username/password combination for multiple websites
- Use a password manager to organise and protect passwords, generate random passwords, and automatically log into websites.
At Merlin Software we provide a variety of password options. When adding a resort’s members in bulk we use a random password generator which combines a variety of characters into a strong password.
Our business clients also have a variety of options for their passwords. They can keep things simple with a four-digit minimum password (risky according to SplashData) or implement a policy where strong passwords must be used that include a capital letter, numeric character and a symbol.
There is also functionality within Merlin’s settings where clients can force their users to change their passwords immediately at next login or after a certain time period – and schedule this so it happens automatically.
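The following is an added example, not Merlin Software’s or SplashData’s code: a Python check that applies the strong-password policy and the tips above (eight characters or more, a capital letter, a numeric character, a symbol, nothing from the 2014 list) and a random generator that only returns passwords passing that check. The symbol set, the 16-character default and the function names are assumptions made for the example.

```python
import secrets
import string

# The 25 passwords from the SplashData 2014 list quoted in this article.
WORST_2014 = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}
SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set for this example
MIN_LENGTH = 8


def policy_failures(password):
    """Return the reasons a password fails the policy; an empty list means it passes."""
    failures = []
    lowered = password.lower()
    # Exact match on any listed entry, or a listed entry of 6+ characters inside it.
    if lowered in WORST_2014 or any(w in lowered for w in WORST_2014 if len(w) >= 6):
        failures.append("matches or contains a password on the SplashData 2014 list")
    if len(password) < MIN_LENGTH:
        failures.append("shorter than 8 characters")
    if password.isdigit():
        failures.append("numbers only")
    if not any(c.isupper() for c in password):
        failures.append("no capital letter")
    if not any(c.isdigit() for c in password):
        failures.append("no numeric character")
    if not any(c in SYMBOLS for c in password):
        failures.append("no symbol")
    return failures


def generate_password(length=16):
    """Draw characters from the OS CSPRNG until the result passes the policy."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 8")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("trustno1", "1234", "Michael2015", generate_password()):
        print(repr(sample), policy_failures(sample) or "passes")
```

A name with a year appended, such as the constructed sample `Michael2015`, is still rejected because it contains a listed entry and has no symbol.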
Mike Pnematicatos is CEO and chief architect at Merlin Software for Vacation Ownership. He has over 30 years’ experience in the timeshare, fractional and vacation ownership industries as a resort developer, creator of fractional and points-based products and, since 2000, as the head of development at Merlin Software – which he’s designed specifically for the timeshare industry.
Mike is based at Merlin’s head office in Cape Town, South Africa. As well as a passion for developing the latest cloud-based technology and providing a superb customer experience, Mike’s passions include aquaponics, Nespresso coffee and fat Cuban cigars. His motto is: Life’s too short for weak coffee and cheap cigars.