Whether it was Facebook’s security incident, in which passwords were stored in plain text, or Microsoft’s mail hack, in which Outlook was partly compromised, the company’s spokesperson recommended that users change their passwords.

Why are passwords so important for your cybersecurity? How can you create strong passwords to endure cyberattacks? Hopefully this blog can provide you with some insights.

Dangers brought by weak passwords
  1. Passwords are the doorkeepers of your personal accounts. If your doorkeeper is easy for a malicious Internet bot to overpower or trick, your residence can hardly be safe and sound. What’s more, you will never know what scammers do with your personal information.
  2. Things could be worse if passwords are ever stolen from the company in a data breach. This tends to lead to business email compromise (BEC), in which scammers may impersonate your boss and ask you to wire a huge sum of money that you can never claim back.
  3. In the era of the Internet of Things, a weak password gives an attacker access to one device, from which all of your other smart devices can subsequently be infected. They can all be hijacked for nefarious purposes. You may refer to the previous story about the insecure medical device used against heart attacks.

Worst passwords you can ever think of?

Although internet users are already much more vigilant than they were decades ago, according to the U.K. government’s National Cyber Security Centre, the most vulnerable and popular passwords remain the same.

Apart from numbers in order, bad passwords also include names, soccer players, musicians and fictional characters.

This was confirmed by the Top 100 Worst Passwords list issued by SplashData (you wouldn’t want to miss the hilarious video in it). Enjoy some examples from the list:

Rank  Password    Change from last year
1     123456      Unchanged
2     password    Unchanged
3     123456789   Up 3
4     12345678    Down 1
5     12345       Unchanged
6     111111      New
7     1234567     Up 1
8     sunshine    New
9     qwerty      Down 5
10    iloveyou    Unchanged

Create a stout password

You must have spotted the common ground in bad passwords mentioned above: too short, too regular, thus too predictable.

For security purposes, your password must:

  • Be at least eight characters (the longer, the better)
  • Have a combination of numbers, letters, and symbols (the more random the combination, the better)
  • Have a combination of lowercase and uppercase characters
  • Be changed every three months

You may ask, “since my password is so complicated, what if I forget my password?”

That truly sounds dire. So you need a password that is easy for you to encode but difficult for others to decode.

Our recommendation is to extract your password from a phrase or sentence. For example:

My favorite band was Queen 20 years ago = MfbwQ20ya

Excited to watch the 8th season of the Game of Thrones! = Etwt8sotGoT!

Bingo! Since the sentence you want to say may change from time to time, you will be more motivated to change your password regularly :)
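
The phrase-to-password rule and the requirements listed above, as an added Python example that is not part of the original post. The function names and the tokenization rule (first character of each word, whole leading numbers, trailing punctuation kept) are assumptions inferred from the two sample phrases.

```python
import re
import string

# Top 10 entries from the worst-passwords list quoted on this page.
WORST = {"123456", "password", "123456789", "12345678", "12345",
         "111111", "1234567", "sunshine", "qwerty", "iloveyou"}


def phrase_to_password(phrase):
    """Assumed rule: first character of each word, whole leading numbers
    ("20", the "8" of "8th"), and any trailing punctuation kept."""
    parts = []
    for token in phrase.split():
        core = token.rstrip(string.punctuation)
        tail = token[len(core):]
        if core:
            digits = re.match(r"\d+", core)
            parts.append((digits.group(0) if digits else core[0]) + tail)
        else:
            parts.append(tail)  # token was punctuation only
    return "".join(parts)


def policy_failures(password):
    """Return the page's requirements that the password does not meet.
    The three-month rotation rule cannot be checked from the string."""
    checks = [
        ("length", len(password) >= 8),
        ("digit", any(c.isdigit() for c in password)),
        ("symbol", any(not c.isalnum() for c in password)),
        ("lowercase", any(c.islower() for c in password)),
        ("uppercase", any(c.isupper() for c in password)),
        ("common", password.lower() not in WORST),
    ]
    return [name for name, ok in checks if not ok]


if __name__ == "__main__":
    samples = ["My favorite band was Queen 20 years ago",
               "Excited to watch the 8th season of the Game of Thrones!"]
    for phrase in samples:
        pw = phrase_to_password(phrase)
        print(pw, policy_failures(pw) or "meets every listed rule")
    for bad in ("123456", "iloveyou"):
        print(bad, policy_failures(bad))
```

Run as-is, the first sample phrase is reported as lacking a symbol, so a sentence used this way should carry some punctuation to satisfy every rule in the list.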

However strong your password might be, if you fall for a phishing email, it is no different from handing your password over to scammers.

Our last tip is an anti-phishing add-in, Mr. Post, for your Outlook, browser and mobile phone. Let our experts save you from the trouble of phishing emails.