Watch CBSN Live

The most insecure passwords on the Internet

Passwords are generally the one thing standing between the bad guys and your email, network access, bank accounts and all the other personal and corporate resources you use every day.

That's why it's utterly mind-boggling that today, in 2011, real people still use passwords like these:

password, 123456, qwerty, abc123, monkey, 1234567, letmein, 111111, iloveyou, master, sunshine, passw0rd, shadow, 123123, 654321, superman, and qazwsx

Why your smartphone's PIN is far more vulnerable than you think
A new (and simple) strategy for secure, essentially unbreakable passwords

That list was compiled by security company SplashData from lists of passwords posted online by hackers. Says SplashData:

"Hackers can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft. What you don't want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves."
The bottom line is that if you use a dictionary word or an otherwise easily guessed password, you should change it right away. Those passwords are vulnerable. And if you use the same password on multiple accounts or logins, you are inviting catastrophe. Here are the golden rules of password management:

1. Make it utterly unrelated to you personally. No names of spouses, pets or old high schools. No birthdays or social security numbers.

2. Mix upper and lower case letters. And throw in at least one non-alphanumeric symbol, such as !, @, or ? if possible.

3. It's a good idea to base your password on an extended phrase rather than a single word. You can then abbreviate the phrase and mix up the case, such as: 2bon2b*Titq. That mouthful of virtually uncrackable gibberish comes from the easily recalled "To be or not to be; that is the question."

4. Make all of your passwords different. Even if you have a great password, don't use it in more than one place. Every password you generate should be unique, so if someone hacks your Facebook account, they don't also get your bank account login at the same time. And that leads to...

5. Use a password manager. There's no way a real human can track and manage dozens of unique passwords like the one in tip No. 3. So rather than taking shortcuts in password quality or using the same one over and over, use a manager to store all of them for you.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.