Your dog’s name… your anniversary… your childrens’ initials, birthday, or birth weight… your favorite hobby, or the name of your boat. Which one do you use for your password? Network Administrators and hackers know that most people choose passwords like these to protect anything from logging into web-based bulletin boards to buying things online.

Why does it matter? Identity theft… corporate espionage… loss of your data, or digital images. Do you want to risk these things? In many cases, a weak password is all that separates your data from anyone who wants to impersonate you online, or worse.

The problem with weak passwords

Passwords that are simply names of pets, names of children, common names of any type, are called “weak passwords.” Basically any word you can find in a dictionary or list of names makes for a weak password.

I don’t like to use fear to motivate people, but practicing safe password management is as important as locking your house when you leave. Only whenever you’re connected to the internet, it’s like having a house in the worst neighborhood in the biggest city around and if you don’t put a good lock on the door, you will get broken into, even if you’re home.

Practicing safe password management is as important as locking your house when you leave

The problem with strong passwords

If you work at a large company, they may not allow you to have a simple password based on any word you can find in a dictionary. E-Commerce sites that have good security require passwords at least 8 characters long. They group the characters you type into four groups: capital letters, lowercase letters, numbers, and symbols, and then require you to have at least three out of the four groups represented in your password. And then they make you change your password every two or three months. This type of password is called a strong password.

The problem is that you soon end up with many more passwords than you can possibly keep track of. You either forget your new password, requiring the administrator to reset it for you, or you start writing them down. Far too many people have their current passwords scribbled on a yellow sticky note attached to their monitor where anyone can see it.

With weak passwords, all an attacker needs to do to obtain them is go through your trash, or engage you in innocent conversation. With strong passwords, all he needs to do is visit your office. In either case, the attacker is engaging in a type of attack called Social Engineering, which is the easiest way to break into a system.

A strong password, if you write it down somewhere insecure, is not much safer than a weak password

Do I always need a strong password?

No. Strong passwords provide far more protection against different types of attacks, especially those considered Brute Force attacks. An example is something called a Dictionary Attack, where the attacker takes a list of words, sometimes an entire dictionary, and uses a special cracking program to try each word on your account. The dictionary used includes common animal and people names.

Many systems defeat these types of attacks by locking you out after a few failed attempts. But the real concern is what an attacker can do once they break into any particular system.

A weak password is all that separates your data from anyone who wants to impersonate you online, or worse

Assess your risks

There are low risk, and high risk computer systems. To avoid having 30 different passwords to remember, you can group together systems that have the same level of risk, and reuse your passwords. Many security experts would argue that this approach reduces security, but let’s be realistic here: if you don’t remember the password for a particular system, and then type in all of your “standard” passwords to try to log into it, you may have just compromised all of the systems that use any of those passwords.