Password review: Get a safe start to 2018
Each year, IT and security companies such as Awecomm will put together a list of the “worst” (that is, least safe) passwords. Year to year, not much changes and people continue to use strings of sequential numbers, the word “password”, or even “batman” to keep their stuff secure. These are all extremely common passwords on the internet, which means they’re typically the first to be cracked.
Just take a look at the list of 2017’s worst passwords and you’ll see why it wouldn’t take long to guess any of them:
- 123456
- 123457
- 123456789
- Abc123!
- Password
- Admin
- Football
- Batman
- Princess
If your password is anything like those above, it’s seriously time to change things up and pick a password that is more secure. If you’re struggling to create a strong password, we’ve put together an easy guide to get you on the right track.
Our password policy
Thankfully, the passwords for your account with us can’t be anything like those in the list above because they don’t adhere to our official Password Policy, which states that all passwords must:
- Be at least 9 characters long
- Have at least one uppercase and one lowercase letter
- Have at least one number (i.e. 0 to 9)
- Not be based on your account details (e.g. your username, name or birthday)
- Not contain any spaces or tabs
- May only contain letters, numbers or other standard characters
Taking a few moments to type in a trickier password is far, far better than having your password cracked. While our Password Policy prevents you using a weak password, other online services may not have similar policies. As a rule of thumb, we recommend following our policy when creating any password because the results will typically be more secure – and that’s always a good thing!
Making a safe password that you can remember
A common gripe about “safe” passwords is that they’re difficult to remember. While many of our personal computers and devices will remember a password for us after we punch it in the first time, that isn’t always the case. In order to make passwords easy to remember, you may be tempted to use names and dates such as friends, family, pets, birthdays and anniversaries. This can be problematic because these days, a lot of those details are easy to find on public social media profiles such as Facebook.
Don’t stress – you don’t need to start using the big jumbles of letters and numbers that automatic password generators spit out. You just need to be a little bit craftier with your approach. Here’s some ideas you might like to try for the main part of your password:
- Use your loved ones’ initials to make up a word. Even if it’s gibberish, it should be easier to remember because it’s based on people you know.
- Take one thing you like. Take another thing you like. Chop each word in half and mash two halves together. Boom, password!
- Chuck in something random that’s easy to remember. It could be part of a song title, lyrics, your favourite colour, a movie quote… the sky’s the limit!
Make it a bit special
Once you’ve got your password, jazz it up a little bit. Pop in an uppercase letter or two. Add some numbers at the end or even at the front. Did you know that most passwords support all ASCII characters, not just letters and numbers? That means you can also use any of the following characters:
` ~ ! @ # $ % ^ & * ( ) _ + – = { [ } ] \ | ; , . / : < > ?
Another handy trick is to replace some letters with numbers that kind of look like letters – for example, an “O” looks like a zero, an “A” looks like a “4”, and an “E” looks like a “3”.
The key thing to remember is that a strong password doesn’t have to be as complicated as something like “!3GhT7Fyas$YT”. It just needs to be unique. Following the advice above, a weak password like “Football” could get a serious upgrade to “F00tdogs97feat.Pitbull”. Try guessing that!
If you need a hand updating your iiNet password, check out Changing your password in Toolbox on iiHelp. If you’re with Westnet, please see our guide for Changing your password in MyAccount.
Do you have any advice for making a great password? Tell us in the comments.
18 comments
-
Another method is to pick a phrase, say 2 lines of a song you like and use the first letter of each word.
-
Hi, could you please clarify the correct meaning of your paragraph:”Thankfully, the passwords for your account with us can’t be anything like those in the list above because they don’t adhere to our official Password Policy, which states that all passwords must:…”
Which on do not “adhere” to your list? Mine passwords or the one listed in your article? Thanks -
What I do is pick a term relevant to a home project, with the ‘at least one capital and one numeric’ rule applied, for example Concret17, Mowlawn8. Works like a charm
-
I’ve heard that one of the strongest passwords of all is to concatenate several unrelated words(eg WhaleOilBeefFile)to produce a very long letter string. Almost impossible to crack due to the enormous number of possible letter combinations, but easy for the user to remember.
-
Using words from a “dead” language (eg., Latin) combined with some relevant numbers could make a strong password.
-
Another “trick” is to turn a short password into a long password by repeating.
For example QUB56 could become QUB56QUB56QUB56Five characters becomes fifteen characters and you only have to remember five.
To crack it you must get all fifteen right, only then would the trick be revealed. Fifteen characters is pretty strong… -
Hey,
Some of this is terrible advice.
You should use a password manager for important passwords (particularly one for/in control of your main email).The advice against spaces enables poor quality website and back-end development. Spaces are a character like any other.
Google “new NIST password guidelines” for a better picture of the state of things – let’s leave these passwords that are hard for people to remember but easy for machines to guess in the past.
-
What I do is use my (REDACTED)s’ names using upper case at the start and/or end followed by the year (REDACTED) and subsequently change them from time to time using the year (REDACTED) first and later on last. I think that’s pretty unhackable. They won’t get into my bank accounts that way.
-
I agree with J. Use a password manager.
Include prime numbers in passwords.
Never save passwords on shared computers.
-
This is pretty awful advice for a secure password. Computing power is sufficient enough nowadays that brute force is incredibly simple. You need more entropy = you need a far longer password. Password managers are good to avoid password reuse between sites (in case one gets rolled).
As usual, XKCD has a comic for every occasion. https://xkcd.com/936/
-
If you can remember the password, it’s a bad password.
Use a password Manager such as LastPass, KeePass or 1Password, to generate actually good passwords!
-
One of the easyist ways to do a password is make up a sentence that means something to you take the first letter of each word in sentence and use that all the better if it uses numbers as well
-
Perhaps IP’s could be of assistance to customers & make suggestions along these lines- better still help clients with such passwords from the start of new installtions
-
I used to teach introduction to computers and i always recommended pass phrase. A line fro a song or a nursery rhyme.
J&Jwu1h2f1Pow
Jack & Jill went up a hill too fetch a pail of water.
This works with any song or famous speech, Just add an add an additional Capital and substitute some letters for numbers. It is nearly impossible to forget something so embedded in your mind.
WARNING DO NOT USE THE EXAMPLE
“Another handy trick is to replace some letters with numbers that kind of look like letters – for example, an “O” looks like a zero, an “A” looks like a “4”, and an “E” looks like a “3”.”
This is not considered good advice, since most password crackers already incorporate common character swaps.
e.g. https://en.wikipedia.org/wiki/Password_strength
“Words with simple obfuscation: p@ssw0rd, l33th4x0r, g0ldf1sh, etc., can be tested automatically with little additional effort. For example, a domain administrator password compromised in the DigiNotar attack was reportedly Pr0d@dm1n.”