It's been several years since I have written about password hygiene. I have been hoping that a better security solution would be widely adopted, and while I hear rumors in that regard, passwords still reign supreme. So when I saw that the SafetyDetectives website had listed the 30 most common passwords, it seemed like a good time to revisit the topic. Their study found that "123456" and "password" still lead the list of most common passwords. Sigh.

If you find yourself on that list, do not despair. The good people at the FTC have provided some common-sense, free guidance when it comes to passwords:

  • Make sure your password is long and strong.
    • That means at least 12 characters. Making a password longer is generally the easiest way to make it stronger.
    • Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases.
    • If the service you are using does not allow long passwords, you can make your password stronger by mixing uppercase and lowercase letters, numbers, and symbols.
  • Don't reuse passwords you've used on other accounts.
    • Use different passwords for different accounts. That way, if a hacker gets your password for one account, they can't use it to get into your other accounts.
  • Use multi-factor authentication when it's an option.
  • Consider using a password manager. This lets you use more complex passwords and share them in a trusted circle.
  • Pick security questions only you know the answer to.
    • If a site asks you to answer security questions, avoid providing answers that are available in public records or easily found online, like your zip code, birthplace, or your mother's maiden name.
    • And don't use questions with a limited number of responses that attackers can easily guess — like the color of your first car.
    • You can even use nonsense answers to make guessing more difficult — but if you do, make sure you can remember what you use.
  • Change passwords quickly if there's a reported breach.
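To put numbers behind the "long and strong" advice above, here is an added example (not from the FTC guidance or the original post) that estimates the strength of a uniformly random password from its length and character set, compares it with a random passphrase, and generates one with the `secrets` module. The eight-entry word list and the two-entry common-password set are constructed for illustration; a real passphrase should be drawn from a list of several thousand words.

```python
import math
import secrets

# Constructed mini word list; use a diceware-style list of thousands of words in practice.
WORDS = ["copper", "lantern", "meadow", "quartz", "violet", "harbor", "signal", "walnut"]

# Constructed from the two leaders named in the post; real checks use a full breach list.
COMMON_PASSWORDS = {"123456", "password"}


def charset_size(password: str) -> int:
    """Size of the smallest standard character class set covering every character."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # printable ASCII symbols, space included
    return size


def password_entropy_bits(password: str) -> float:
    """Bits of entropy IF every character was chosen uniformly at random.

    A dictionary word like 'password' gets a misleadingly high score here,
    which is why is_common() must be checked first.
    """
    return len(password) * math.log2(charset_size(password))


def passphrase_entropy_bits(word_count: int, list_size: int) -> float:
    """Bits of entropy for word_count words drawn uniformly from list_size words."""
    return word_count * math.log2(list_size)


def is_common(password: str) -> bool:
    """True when the password appears on the common-password list (guessed instantly)."""
    return password in COMMON_PASSWORDS


def generate_passphrase(word_count: int, words=WORDS, sep: str = "-") -> str:
    """Random passphrase; secrets.choice is a CSPRNG, unlike random.choice."""
    return sep.join(secrets.choice(words) for _ in range(word_count))
```

Twelve random lowercase letters come out ahead of eight random characters mixing all four classes (about 56 bits versus 53), which is the FTC's point that adding length beats adding symbols; five words from a 7776-word list give about 65 bits.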

Like everything else, passwords have an AI angle. ChatGPT probably can't guess your passwords, but other AI applications can, especially if the passwords are short and commonly used. So take advantage of the long Juneteenth weekend and raise your password game.

To view Foley Hoag's Security, Privacy and The Law Blog please click here
