Go ahead, try and be clever about your passwords. You are likely making predictable choices, according to Jeff Fox, leaving yourself vulnerable. How smart are your tricks? Consider this:
In a 2013 study for DARPA (the federal Defense Advanced Research Projects Agency) called Pathwell, security consulting company KoreLogic found that, among the thousands of users within an unnamed Fortune 100 company, roughly half had relied on just five patterns to compose their passwords and 85 percent had relied on just 100 patterns. (KoreLogic found similar predictability within a variety of other companies.)
Here are the three most common patterns KoreLogic found among the thousands it identified in those companies:
• One upper case, then 5 lower case, then 2 digits (Example: Dulith57)
• One upper case, then 6 lower case, then 2 digits (Example: Abugmar64)
• One upper case, then 3 lower case, then 4 digits (Example: Itio1981)
Which of these mistakes do you make?
It’s not practical to try to avoid every one of the many patterns KoreLogic found. But you can still create better passwords by steering clear of some of the most common mistakes people make:
• Starting with an upper case letter followed by lower case letters
• When a password isn’t long enough, adding a letter or two to the base word
• Putting digits, especially two or four of them, before or after the letters
• When a special character is required, using “!” and putting it at the end
• Not using two special characters in the same password
Instead, try these approaches:
• Avoid beginning the password with an upper case letter—or maybe even any letter
• Create an acronym using the first letter of each word in a memorable sentence, as suggested by security expert Bruce Schneier
Example: t2cmlp,@yh (“Try to crack my latest password, all you hackers”)
• Resist your natural tendency to mimic familiar words and phrases
• Use multiple special characters in the same password
• Don’t always place digits adjacent to each other
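The patterns and mistakes listed above can be checked mechanically at password-change time. The following is an added example, not code from KoreLogic or Consumer Reports; the mask letters (u, l, d, s) and the function names `topology` and `findings` are assumptions made for illustration.

```python
import re

def topology(password: str) -> str:
    """Map each character to its class: u=upper, l=lower, d=digit, s=other."""
    mask = []
    for ch in password:
        if ch.isdigit():
            mask.append("d")
        elif ch.isupper():
            mask.append("u")
        elif ch.islower():
            mask.append("l")
        else:
            mask.append("s")
    return "".join(mask)

# The three most common patterns listed in the article, written as masks.
COMMON_TOPOLOGIES = {"ullllldd", "ulllllldd", "ullldddd"}

def findings(password: str) -> list[str]:
    """Return the article's common mistakes that this password exhibits."""
    mask = topology(password)
    issues = []
    if mask in COMMON_TOPOLOGIES:
        issues.append("one of the three most common patterns")
    if re.match(r"ul+", mask):
        issues.append("upper case letter followed by lower case letters")
    # Length of the digit run at the very start and at the very end.
    lead = len(re.match(r"d*", mask).group())
    trail = len(re.search(r"d*$", mask).group())
    if lead in (2, 4) or trail in (2, 4):
        issues.append("two or four digits before or after the letters")
    if password.endswith("!") and mask.count("s") == 1:
        issues.append("single '!' at the end")
    if mask.count("s") < 2:
        issues.append("fewer than two special characters")
    return issues

if __name__ == "__main__":
    # Constructed sample input: the example passwords from the article.
    for pw in ("Dulith57", "Abugmar64", "Itio1981", "t2cmlp,@yh"):
        print(pw, topology(pw), findings(pw))
```

An empty result means only that none of these listed mistakes were found, not that the password is strong.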
Find out more about How to HackProof Your Passwords in Consumer Reports.