Avoiding Weak Passwords


Weak passwords frequently play a major role in any hack. Choosing a strong password can help you avoid becoming the next victim!

Not all applications enforce password complexity, and as a result users may be tempted to use simple passwords such as password, 123456, letmein, etc., which are easy to remember. Unfortunately these are also very easy for anyone trying to break in to guess.

Good security policies and practices are an effective defence: a modern computer can crack a weak password in a matter of seconds.

Choosing a unique and strong password doesn't have to be difficult. Below are a few guidelines which can help you avoid weak passwords.

  • Never reuse a password. If you do and you get one account compromised then your other accounts are also at risk
  • Your password should never be left as default or the same as your username
  • Avoid using personal information such as nicknames, birthdays, pet names, etc. Attackers can scrape this type of information from social media, and it is all too easy to brute force
  • Avoid using words that exist in the dictionary. Password crackers often use these to guess passwords. Substituting letters for numbers or special characters can help avoid dictionary based attacks
  • Minimum password lengths help reduce the risk from brute force attempts. A password length of 12 characters or more would be advisable
  • Complex passwords, which are a combination of uppercase, lowercase, punctuation and alphanumeric characters, dramatically increase the number of combinations required to guess a password, making it more difficult to brute force
  • Never share your password with anyone, including your IT department
  • Don’t store passwords in your browser, not all browsers store credentials securely
  • Password managers can help you use longer and more complex passwords without the need to remember every password
  • Enable Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA) on your accounts. This makes it more difficult for an attacker to access your account even if your credentials are leaked
  • For Windows users, systems administrators should set the Group Policy to disable LM hashes. These hashes are notoriously easy to crack using brute force methods or rainbow tables with a pre-computed list of hashes
  • Change compromised passwords. Services like haveibeenpwned can help you identify accounts and passwords at risk
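As an added example (not from the original article), here is a small Python checker that applies several of the guidelines above: minimum length, not equal to the username, no dictionary word, all four character classes, and a haveibeenpwned-style breach check. The breach check mirrors how the Pwned Passwords range lookup works: only the first five hex characters of the password's SHA-1 are sent to the service, and the client compares the returned suffixes locally. The word list and the range response below are constructed samples, not live data.

```python
import hashlib
import string

# Constructed stand-in for a cracking dictionary of common words/passwords.
COMMON_WORDS = {"password", "123456", "letmein", "qwerty", "welcome"}

# Constructed stand-in for a Pwned Passwords range response: one "SUFFIX:COUNT"
# line per known hash sharing the 5-character SHA-1 prefix the client asked for.
# The first suffix is the real SHA-1 of "password"; the counts are made up.
SAMPLE_RANGE_5BAA6 = """1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1E4C9B93F3F0682250B6CF8331B7EE68FD9:2"""


def hash_parts(password):
    """Split the uppercase SHA-1 hex digest into the 5-char prefix that is sent
    to the service and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_response):
    """Count how often the password appears in an already fetched range."""
    _, suffix = hash_parts(password)
    for line in range_response.splitlines():
        found, _, count = line.strip().partition(":")
        if found == suffix:
            return int(count)
    return 0


def check_password(password, username, range_response=""):
    """Return the list of guideline violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if lowered == username.lower():
        problems.append("same as the username")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains a dictionary word or common password")
    classes = {
        "uppercase": any(c.isupper() for c in password),
        "lowercase": any(c.islower() for c in password),
        "digit": any(c.isdigit() for c in password),
        "punctuation": any(c in string.punctuation for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    hits = breach_count(password, range_response)
    if hits:
        problems.append(f"found {hits} times in breach data")
    return problems
```

In a real deployment the range response would come from an HTTPS request for the five-character prefix; the full password or its full hash is never transmitted.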