Is your password “123456”? Worst passwords list revealed…

In SplashData’s fifth annual worst passwords list, “123456” and “password” remained the top passwords in 2015. Does your password appear on the list? Thinking up a password for a new service (or changing your password for an existing service, which should be done at least annually) is a real pain. On top of that, sites often have different and unclear requirements about password length and the use of numbers and special characters.

However, the importance of good passwords can’t be denied, especially for University accounts. Your network password gives access to a wide range of systems and services, and protects all your files, including any research data stored on the network. If your research contains valuable or sensitive data, perhaps commercial data, it is even more important to protect it well with a strong password (and encryption if necessary – see more on our data security intranet page).

A password that is easy to remember but hard to guess can be difficult to create, so here are some top tips around password security:

• Whilst the cartoon on this post amusingly demonstrates that long passwords aren’t always hard to remember, the example isn’t quite an acceptable network password. You should use a mix of uppercase and lowercase letters, numbers, and special characters.
• Regarding length, passwords should never be shorter than 8 characters, and once you hit 15 characters, even automated programs that try all character combinations struggle.
• A good method we recommend is to use the first letter of each word in a memorable phrase, saying, nursery rhyme or song title. For example, Do you know the way to San Jose? = Dyktw2SanJose?
• Try to ensure you can type your password quickly (e.g. using words that alternate between left- and right-handed keys on a keyboard). Shoulder-surfing, where people steal your password by watching you type it in, is a growing concern.
• Use different passwords for different services wherever possible, and don’t forget that the Cranfield Network Password Policy (pdf, internal-only) requires you not to use your University password for non-University accounts. (We don’t know how securely other services store passwords.)

So why not take a moment to check your passwords are safe? You can change your network password and security questions using our Password Manager, and learn more tips on our Information Security intranet site.

Image from XKCD at http://xkcd.com/936/, CC-BY-NC 2.5