The Ugly: Composition of a Bad Password
Typically, when I speak to someone about passwords and how to improve them, the follow-up question to the instructional “do this” is inevitably “why?”; so we’re going to start there. Beginning with “why certain passwords are bad”, we’ll follow up in a few weeks with “how to improve your passwords now that you know they’re currently terrible”. This post will attempt to show you the world of passwords I see and the pitfalls many people fall into. I’ve broken these down into 4 main categories: Easy-to-guess, Personal, Reused, and Short. The first category, and possibly the most well-known, consists of passwords that are easy to guess because of common human usage. These include some of my favorite examples: “password”, “opensesame”, “12345678”, “Spring2021”, etc. In fact, Xato’s article on the Top10k passwords used contains a list of painfully short and simplistic passwords that have been published in data hacks over the years (a link to the article is in the “Sources” below). Includ...