‘1234’ is Really Bad: tips to creating tougher Passwords

We all know that using simple password such as “password” is crazy, yet many people still do it. Every other day we seem to hear about a new site being compromised, online security being demolished and passwords lost, yet how many of us will heed the advice and change our passwords? The reality is that we all know what to do, what not to do but there seems to be an “it will never happen to me” attitude to passwords. Well it could, and probably will, unless you start creating tougher passwords!

Let’s take a different approach, let us take a look at the worst passwords of 2018, how hackers guess your passwords and what you can do to protect yourself.

Worst passwords of 2018

Before we take an in-depth look at creating a secure password it is worth taking a look at the SplashData list of the worst 100 passwords of 2018. Those of a nervous disposition might be advised to look away now before their own passwords are revealed!

1. 123456

Yes, the password “123456” is still officially the worst password in the world. The majority of those who use this password may initially set it up on a temporary basis. However, it would appear to be too much hassle to go back and change it.

2. password

The only thing surprising about the password “password” is the fact that it is only number two and not number one. If you were trying to guess a friend’s password, to log into their computer, would you use the password….well password?

3. 123456789

As we move further down the line you will see the emergence of a pattern. Passwords which are made up of consecutive numbers make up six out of the top seven worst passwords of 2018.

4. 12345678

So, by adding a few more digits, but not using the full array of keys on the top row of your keyboard, this somehow makes your password more secure? Think again. The hackers are one step ahead of you, the first passwords they will try revolve around numbers and the term “password”. Don’t expect long-term security.

5. 12345

As we mentioned above, the vast majority of the worst passwords in 2018 revolved around sequential numbers. Thankfully, many software packages will now refuse to accept some of these passwords because they are too weak. Users will be prompted to add an array of letters and numbers, capital letters and symbols. It is worth replicating this advice across all of your online accounts – but not the same password.

Some other passwords which appear in the top 100 include sunshine, princess, football, password1, qwerty123 as well as admin. If you have a website and use admin as any of your backend logins then you are simply asking for trouble. Whether your blog password, control panel password or server password, eventually when your websites appear on the radar of hackers they will be on to you.

Consequences of cracking your password

It is interesting to note that many of us are up in arms when large company websites are hacked and our usernames and passwords are revealed. Even though we may be prompted to change our passwords at the next login, how many of us follow this advice?

The dark web is full of lists of usernames and passwords, together with associated websites, which can be sold and resold time and time again. We are talking about specialists in the fields of hacking, associating accounts with people and following trends. The chances are if you have a relatively simple password for one of your Internet accounts, even something as common as your AOL account, this will be replicated elsewhere. So, what will the hackers try next?

Work account

Can you imagine the potential trouble you might find yourself in by using an insecure password for your work account? Once Hackers have gained access to the inner workings of your company’s network the potential damage they can do is enormous. They could crash files, copy confidential information, transfer money or even pinch your clients. While companies are becoming more aware of issues surrounding usernames and passwords, employees still have a role to play and a responsibility.

Bank accounts

If you live in a particular part of the world, for example in the UK or the US, hackers will use your login details to see if you have accounts with the more common banks in those areas. Unfortunately, we have seen many occasions where people have used the same passwords with financial and non-financial accounts. In some cases the potential damage is limited, because of second-tier passwords and key phrases, but hackers may even be able to guess these! We have also seen instances where they have been able to intercept emails to change passwords, without the account holder actually knowing.

Website control panel

The Internet has released a large number of entrepreneurs into the business world, many of whom have been very successful. Self-promotion of their own websites tends to go hand-in-hand with their own personal social media accounts. Therefore, hackers can very quickly create a list of websites owned and associated with an individual. Using the hacked username and password there is every chance they will be able to login to your website control panel. This will give them access to the inner workings of your website, the chance to inject rogue code and more likely spam millions of email accounts with fraudulent links.

Whatever type of hosting package you have, whether it is VPS hosting or a shared server, you should protect your website with a secure password (and change this regularly). This is a situation where backups are also very important as they can take you back to a time when your site was “clean”. Then change the password!

Basic email accounts

While many might assume that gaining access to your very basic email accounts is more of an inconvenience than dangerous, this is not necessarily the case. By gaining access to your email account hackers will be able to access your saved email addresses and effectively take on your persona. Using the trust that your contacts have in you, and your email address, they can direct your friends and acquaintances to dangerous rogue websites. The damage they can do via this method is in many cases incalculable.

Ways of hacking your password

There are many ways in which hackers can obtain your password. From very complicated methods to surprisingly simple simply methods like “brute forcing”. Despite the fact we live in a world where encryption is available to the masses, hacking is still a very lucrative pastime. Hackers will use the likes of:-


This type of rogue software will give hackers access to your computer and probably a list of your usernames and passwords. We all have to store our usernames and passwords somewhere, so if you store yours on your computer make sure the directory is password protected. It is also sensible to do a regular sweep of your computer to check for malware.

Keypress software

In a similar manner as to malware, keypress software quite literally records all of your keypresses. This is passed to the hackers who will be able to associate common keypresses with website login pages and then simply record your username and password. Simple, but extremely effective!

Brute forcing

When a sophisticated piece of software fails to hack your password, many hackers will simply revert to brute forcing. This is a type of software which automatically enters an array of the most common passwords in an attempt to gain access to your account. Each failure will see the software move onto the next password and so on and so forth. Thankfully, many software packages such as WordPress will lock an account after a set number of failed logins.

Social media

As the social media revolution continues, more and more people are displaying their private life and private details on the likes of Facebook. If you have a website then no doubt you have a company Facebook account. From this account hackers can find your personal account, log your personal details and hazard a guess at what your passwords will revolve around; your family, sports, birthdays, pets, etc. Sound familiar?

It is important to vary your passwords

Online security should be upmost in your mind whether thinking of usernames/passwords for personal accounts or business use. First of all, do not use common passwords and if stuck remember there are many password generators out there. Even the merest hint of a potential hack should prompt you to take action. Take this action across all of your accounts, especially ones with common passwords, to give you peace of mind. Your days of using common or even associated passwords should be numbered.

In many ways hacking prompts the most basic of actions, such as brute forcing, to complicated encryption from individuals and companies looking to safeguard their data. The idea that it will “never happen to me” is one trap which many people fall into. Unfortunately, in many cases this has proven to be very expensive in terms of reputation and money.

What is the perfect password?

There is no exact science when it comes to the “perfect password” although those which include numbers, punctuation, upper and lowercase letters are amongst the most secure. It is also advisable to use passwords of a minimum 12 to 14 characters in length and even longer if possible. Made up words or “slang words” will also add another level of security as long as they are not simply trends of the day. Above all, change your passwords on a regular basis!