We all know the drill – passwords need to be complex, kept secure and changed regularly. But, what if you’re still storing the passwords to all your online accounts in your head? People have got to have a system.
The thing is, hackers can work out popular password formulas. People think that they’re being really clever and security conscious by creating these systems, but to hackers, they’re pretty predictable.
A password management company called Dashlane recently carried out some research that looked at the (public) data of around 61 million passwords from years of data breaches. Aside from all the super obvious passwords that people use, formula style passwords were also really common.
They found that password combinations such as ‘walking passwords’ , which involves hitting adjacent keys on a keyboard to make a ‘random’ password, were really common. Things such as 1q2w3e4r or 2wdcvfe3. So secure. These type of passwords are really popular, so might appear in ‘dictionary attacks’ against random sites.
The research also showed that people make formulas using a base password and then add in the name of the website that they’re visiting. For instance the base password might be ‘securepword’, and when the user visits Tesco online, they add the word ‘Tesco’ to the base password to create their (not so) secure password of ‘tescosecurepword’.
The research really highlights that a lot of web users do know about the importance of password security. But they think that they’re outwitting the hackers by making formulas for passwords to be ‘random’, but also memorable to them. It’s just not secure enough though.