When the Anonymous hacking collective hacked and released onto the web the usernames and passwords of Syrian President Assad’s ministerial office staff what surprised me most was that almost 40% of the passwords were “12345”.
It just makes it too easy for hackers when security is that lax. I bet here in the UK our security would never be that easy to break through… Yeah, right!
If you have accounts with passwords that are simply ordered sequences of numbers or real words, you are open to getting hacked yourself, so please, look after your data by securing your passwords.
I had a client call me with a password that was exactly the same as their domain name recently. This is a bad idea because brute force hacking attacks generally start with the obvious ‘12345’ and so on, but the very next step they take is to run a reverse DNS lookup on the host to find the domain name. Variations of the actual domain name are then generated as potential passwords to try automatically.
Go for at least 10 digits of random jumbled letters and numbers in no order that anyone else will understand. A mix of upper and lower case is also good.
To remember it you need an acronym.
E.g.
PASSWORD: bbwfi2007bnac
ACRONYM: brown bear was founded in 2007 by nicola and chris
Simple to remember… and no, ‘ bbwfi2007bnac’ is not a password we have ever used (or ever will now that it has been published on the web).