Password Trends in 2018
Updated: Feb 25, 2019
Passwords are possibly the most necessary irritation we have to deal with in our modern digital world. Most people have become aware of the basic password tricks like using at least 8 characters, one capital letter, and a number, but most people have either ignored those tips entirely or simply met the most minimum requirement possible. Passwords are the keys to the digital kingdom-they guard your email accounts, credit card information, work websites, social media platforms, and so much more. Yet, we become so overwhelmed with how inconvenient it is to have to remember them that we become complacent and lazy with them.
Dashlane, a password manager, collaborated with Virginia Tech to analyze 61 million passwords accessed through online databases. They have identified several trends in password creation through that analysis. The following will discuss the four trends and the accompanying dangers of creating such passwords. Each of these trends has a potential solution.
Trend #1: Password Walking
Imagine you are sitting at your computer and creating a password. Your first instinct is to push the buttons that are close together on the keyboard. I mean, as long as you have eight characters and some numbers, right? While the previous version of password walking created passwords like “12345678” or “qwertyui,” more recent evolutions of password walking have created slightly more sophisticated passwords like “1q2w3e4r.” At first glance, this seems like a strong password. It is eight characters. It has several numbers in it. What’s not to love? However, this password is entirely predictable and honestly quite lazy. Any hacker would know to try this, and this is one password that would be simple to crack.
Solution: Be Random
The best alternative to password walking would be to type eight letters, numbers, and symbols entirely randomly on the keyboard. This would produce something like “h3nFp8s0.” No hacker would be able to guess this. However, if you insist on being less random, at least have a pattern to your password that utilizes the whole keyboard. Maybe use a letter from the top row followed by a number followed by a letter from the second row and then a symbol followed by a capitalized letter from the third row followed by a number followed by a symbol and then another number. That would produce something like "q7g#V2&0." You can even use letters from all the first letters of the words in a phrase. For example: "Trix Are For Kids" > "t1a3f5k7." Be creative. There are ways to create strong passwords that are still easy to remember.
Trend #2: Love and Hate Passwords
This trend is even lazier than password walking. All a hacker has to do is look at your Facebook page to see if you are “in love” to decide to guess that your password is “iloveyou.” This trend also has been entered into the hacker’s password playbook. And using “iloveyou” or “ihateyou” as a password is the most minimal design of a passphrase in existence.
Solution: Be Less Predictable
Passphrases are an impressive and acceptable substitute for passwords, but only when used correctly. To use a passphrase like "iloveyou" is completely predictable. Instead, choose four words that have no connection like "russiarainrandomrose." (Russia, rain, random, and rose). The words can make sense to you, but they should have no obvious connection. They can start with the same letter as long as they are not connected. You can strengthen them even further by adding numbers instead of letters or capitalizing a random letter. No hacker can crack "ruSsiarainrAndomr5se." Be unpredictable.
Trend #3: Using brands as passwords
I am still not sure why this is a trend. The only password requirement using a brand will meet is the eight characters. Any hacker can see your likes and dislikes on Facebook and guess that if you are using a brand as a password, it is probably in that list. Especially using well-known brands like “cocacola” is completely obvious, because people are creatures of habit. Almost half of hackers can find someone’s password from something listed on their social media feed.
Solution: Just DO NOT use brands!
Brands are too predictable. They are probably listed on your Facebook or other social media page somewhere, and you probably will not use the brand of something you do not like as a password. Hackers have this trick in their playbook as well.
Trend #4: Using Music and Movies as Passwords
This is similar to using brands. It may make a good base, but do not use it unmodified as a password. These too are probably listed on your Facebook page, and any hacker would know to look there for clues. Movies are too predictable. You tend to like the same kind of movies, so passwords are likely to be of the same basic genre. If you seem to like musicals on your Facebook page, it is entirely possible to create a long list of potential passwords.
Solution: Use movies as a base instead of the whole password.
Ideally, you will choose to go against your love of musicals as material for passwords. However, if you insist on using a movie, there are ways to do it that will be safer and less predictable. Once again, adding numbers or capital letters in random locations is the solution. For example, say you have an undying love for Superman. Take that word and make it random. This could give you something like "sU6eRma4." This gives an eight-letter password that will be difficult to crack.
Passwords are some of the most important strings of letters and numbers in your world. Yes, they are irritating. Yes, they are cumbersome. But, their importance cannot be overemphasized. And as such, the time and effort you devote to making strong passwords has a direct effect on your cyber-security.