Using 'password' as your password isn't the only security mistake

Posted at: 11/24/2013 11:12 PM
Updated at: 11/25/2013 12:04 AM
By: Caleb James, KOB Eyewitness News 4

A lot of us are not very good at coming up with passwords for our online accounts.

Each year the word "password" itself ranks among the most common passwords.

As online bad guys get more savvy, even folks who do put some thought into their passwords are vulnerable.

It is a question maybe more important than ever:

"How do we measure the badness of a password?" said Patrick Gage Kelley.

Kelley is an assistant professor of computer science at the University of New Mexico.

"My research is focused on computer privacy," he said.

Kelley's cyber security research reveals one thing for sure:

We are terrible at coming up with our passwords online.

It goes beyond the unforgivable stuff like making your password "password."

Same Password. Different Account.

"Many people have the same password for multiple accounts," Kelley said.

He said it is often easier for folks to use one password for all their online accounts.

But, say someone manages to steal your password to a social networking site:

"They'll then go try that password and that e-mail at other websites, at popular banks," he said.

If you used the same password for Facebook and for your bank account, you have just given whoever got the first password total access to your other accounts.

Kelley said folks try in vain to switch up a go-to password by making different versions -- replacing characters with symbols.

"Those patterns are very predictable," he said. "It's very obvious to replace the letter 'A' with an '@' symbol."

"One of the most important things you can do is create a different password for every website," he said.

But that is its own challenge, right?

Kelley said you have probably been warned not to write your passwords down.

He said that is unrealistic.

He suggests memorizing passwords for sites and accounts you use daily.

Passwords for accounts you access less often can be written down and kept at home.

"It's much less likely that someone is going to break into your house and sort of steal your list of passwords than it is for a data breach to happen on one of those sites," he said.

Different Passwords Isn't Enough.

"The most important thing you can do is to make a password that nobody else has," said Kelley.

Kelley says the best password does not use your pets' names or personal info. Random words or completely unique phrases are best; Kelley says to think outside the box.

It is minimal extra effort, but Kelley says we keep using simple, insecure passwords.

"And the easy solution is what wins," he said.

But the habit of making good passwords can be easy too.

1.) Make your password as different from everybody else's as possible.

2.) Make it longer.

3.) Add more things that aren't lowercase letters.
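
The three rules above, together with Kelley's point that symbol swaps are predictable, can be turned into a screening check that a sign-up form or a personal audit could run. This is an added example, not something from the article or from Kelley's research; the blocklist, the 12-character threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed sample blocklist; a real one would hold a large breached-password list.
COMMON = {"password", "letmein", "qwerty", "dragon", "monkey"}
MIN_LENGTH = 12  # assumed threshold, not a figure from the article

# Undo the predictable swaps ('@' for 'a', '0' for 'o', ...) before comparing.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                        "3": "e", "$": "s", "5": "s", "7": "t"})


def variants(pw):
    """Return the base words a password collapses to once decoration is removed."""
    low = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", low)  # drop trailing digits and symbols
    return {low.translate(UNLEET), stripped.translate(UNLEET)} - {""}


def screen(pw, others=()):
    """List the reasons a candidate password is weak; an empty list means none found.

    `others` holds passwords the same person uses elsewhere (hypothetical input,
    for example from a local audit of their own password list).
    """
    reasons = []
    mine = variants(pw)
    if mine & COMMON:                              # rule 1: same as everybody else's
        reasons.append("common")
    if any(mine & variants(o) for o in others):    # a go-to password in disguise
        reasons.append("reused-variant")
    if len(pw) < MIN_LENGTH:                       # rule 2: make it longer
        reasons.append("short")
    if re.fullmatch(r"[a-z]+", pw):                # rule 3: only lowercase letters
        reasons.append("lowercase-only")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, each paired with passwords used elsewhere.
    samples = [("P@ssw0rd!", []), ("Sunfl0wer!", ["sunflower1"]),
               ("copper-lantern-orbit-47", ["sunflower1"])]
    for candidate, elsewhere in samples:
        print(candidate, "->", screen(candidate, elsewhere) or "no issues found")
```

A swapped or decorated version of a go-to password collapses to the same base word, which is why the check compares normalized forms rather than the raw strings.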