If your password could speak, it might be trying to tell you something, and not all of it would be flattering. Despite years of warnings, weak and predictable passwords are still one of the most common ways cyber criminals gain access to accounts. Let’s take a look at some familiar favourites and why they’re such a risk.
Key Takeaways:
- Common passwords are still everywhere. Simple, predictable choices remain one of the easiest ways for cyber criminals to break into accounts.
- Small tweaks aren’t enough. Swapping letters for symbols doesn’t make a weak password strong if the base word is obvious.
- Long, unique passwords are your best defence. Passphrases and password managers make strong security far easier than most people realise.
Passwords to *not* use
“Password123”
“We’ve been together since you created your account in 2007, but I think it’s time for us to go our separate ways.”
Using “Password123” is the digital equivalent of leaving your front door wide open with a sign asking not to be robbed. It’s one of the first combinations attackers will try.
“P@s$w0rd!”
“I’m still just password wearing a fancy hat.”
Replacing letters with symbols can help, but not if the word underneath is still “password.” Attackers and automated tools know all the common variations.
“Fluffy” (your pet’s name)
“I know you love your cat, but so do your 500 (or 5,000+) social media followers.”
Pet names, birthdays and personal details are easy to guess, especially when they’re shared publicly online. If your pet has their own fan base, it’s probably not a great password choice.
“starwarslover”
“May the force be with you when the hackers attack.”
Your favourite movie, band or sports team feels personal, but it’s rarely unique. These kinds of passwords are easy for attackers to predict and crack.
“123123”
“Twice as lazy and half as secure.”
Simple number patterns are incredibly weak. If this sounds familiar, it might be time to learn about passphrases.
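Each of the weaknesses above can be caught by a simple check at password-creation time. The sketch below is an added example, not part of the original article: it undoes common symbol swaps and trailing digits before comparing against a blocklist, and flags repeated patterns and personal details. The blocklist contents, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample blocklist of base words. A real deployment would load a
# large list of breached passwords instead (assumption, not from the article).
COMMON_BASES = {"password", "starwars", "qwerty", "letmein", "welcome"}

# Common symbol-for-letter swaps, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "!": "i", "3": "e", "7": "t"})

def normalise(password):
    """Lowercase, drop trailing digits/symbols, then undo symbol swaps."""
    core = re.sub(r"[\d\W_]+$", "", password.lower())
    return core.translate(LEET)

def audit(password, personal_words=()):
    """Return the reasons a password is weak (empty list: no check fired)."""
    reasons = []
    if len(password) < 12:
        reasons.append("too short")
    # All digits, or one chunk repeated end to end ("123123", "abcabc").
    if password.isdigit() or re.fullmatch(r"(.+?)\1+", password):
        reasons.append("simple pattern")
    core = normalise(password)
    # "P@s$w0rd!" and "Password123" both reduce to "password" here.
    if any(base in core for base in COMMON_BASES):
        reasons.append("common base word")
    # personal_words: names, pets, teams the user has shared publicly.
    if any(w.lower() in core for w in personal_words if w):
        reasons.append("personal detail")
    return reasons

if __name__ == "__main__":
    samples = ["Password123", "P@s$w0rd!", "Fluffy", "starwarslover",
               "123123", "copper lantern drifts northward"]
    for pw in samples:
        print(f"{pw!r}: {audit(pw, personal_words=['Fluffy']) or 'no issues found'}")
```

An empty result only means none of these checks fired; it is a minimum bar, not a measure of strength.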
How to create a password you can be proud of
Strong passwords don’t have to be hard to remember, just hard to guess.
Use at least 12–16 characters, and mix uppercase and lowercase letters, numbers and symbols. Avoid names, dates and anything that could be linked back to you. Never reuse the same password across multiple accounts, especially for work systems.
Better yet, use a password manager to generate and securely store strong, unique passwords for every account.
A password worth keeping
A good password should be like a good spy: hard to find, impossible to guess and capable of keeping secrets.
A few small changes today can save you from a very big headache tomorrow.