Lets face it in today’s world everyone needs to get more secure passwords because human nature we are lazy and pretty much break every known guide on bad passwords cause of laziness and not wanting to remember a complicated password.



  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3e

1. Don’t make assumptions

Assuming that everyone in your company is already using passwords that meet security requirements is a big mistake. As TechCrunch reported in its list of the worst passwords of 2014, users are still relying on “123456” and “password.” As an IT security professional, it’s up to you to set and enforce the use of secure passwords across your organisation. Start with the basics and work from there.

2. Be unique

Above all, make sure users haven’t created the same password for use at multiple web sites. A recent survey by mobile identity firm TeleSign of more than 2,000 UK consumers found that 62 per cent put their credentials at risk by reusing their passwords across multiple online accounts. Hackers are counting on this bad user behaviour, so they can crack one password and help themselves to multiple accounts.

3. Go long

Passwords should be in excess of 14 characters so they can withstand password-hacking tools. They should also be a mix of words, numbers, symbols, and both upper- and lower-case letters. Encourage users to avoid passwords based on personal details such as birth dates, addresses or phone numbers, or names of family members. If employees have trouble trying to remember long passwords passphrases may be a better option. Passphrase use a full sentence, including spaces, punctuation characters, and some capitalisation. Since it’s a natural sentence, it will be easy to remember but tougher to crack.

4. Get an assist

The challenge with issuing and enforcing a corporate password security policy is that now, your team must manage all of these different and complex credentials, and supply passwords to staff when they forget them. Using a password manager simplifies the process and can help ensure compliance by generating random, 14-character passwords and managing them automatically.

5.  Activate two-factor authentication (2FA)

Asking any third-party vendors you work with, such as cloud providers, to activate 2FA helps to mitigate the damage of a stolen password. One of the most popular methods of 2FA that is easily implemented is the use of SMS authentication codes. They offer an easy second token that almost anyone with a mobile phone number can use.

It’s hard to predict what the future of user credentials will be. The FIDO Alliance has published a new set of standards for software and hardware makers to help tighten password and identity security, including provisions for biometrics, 2FA and even facial recognition. But getting consumers to buy into these methods is going to take time, and it’s doubtful that biometrics will eliminate cyber attacks entirely, as they present their own risks. For now, the best we can do as IT security pros is to reduce bad user behavior, stay vigilant, and swap out those passwords regularly.

Corey Nachreiner is Global Head of Security Strategy & Research at WatchGuard Technologies.Corey has operated at the frontline of cybersecurity for 16 years. Primary author for WatchGuard’s Security Centre blog, he has written thousands of security alerts, is a prolific speaker, frequently conducts educational webinars and his video feeds have accumulated hundreds of thousands of views.


(Common password mistakes often made)

1. Easy to Locate

If your passwords are written on Post-It notes, hidden under your keyboard, typed on your smartphone or tablet, tucked in your Day-Timer…then you are not the only one who can easily find them there. If you absolutely have to, record them in a secure location or use a password manager program. The best option are passwords that are memorable and unique enough that you don’t have to write them down.

2. Too Common

Your password consists of common phrases, obvious patterns, “real” words or combinations of words. Hackers frequently use attack dictionaries of English and foreign languages that look for whole words or words pieced together. It is no longer safe to try odd combinations like paperbagel or purpletiger.

3. Based on Personal Data

Does your password use information that can easily be obtained about you? Avoid the name of your spouse, pet, kids; don’t use birth dates, phone numbers, addresses and so on. I once worked with a woman who simply switched between the names of her grandsons whenever she needed to change her password; easy to remember for her…and for most people she worked with.

4. Based On a Personal Name or Login

Avoid passwords that are a form of a network login ID in any form (reversed, capitalized, or doubled). Don’t use a first, middle, or last name, your initials or anyone’s nickname.

5. Simple to Guess

Although they may not consist of personal information, many other passwords are easy for automated programs or even other people to decipher. Some people have passwords based on common items or brands on their desk or choose a password around a dream car or favorite vacation. Do pick a password that can be typed quickly without having to look at the keyboard. This makes it harder for someone to steal your password by looking at your keyboard.

6. Letters Only

More secure passwords consist of combinations of numbers, special characters or punctuation marks as well as a mix of upper and lower case letters throughout the password.

7. Short in Length

The shorter a password, the more opportunities for observing, guessing, and cracking it. A strong password is at least 8 characters long. Some organizations now enforce a minimum length and variety of characters to help strength the company passwords.

8. Too Old

You’ve used the same password for years. Usually it will take a hacker a very long time to crack a long, complex password. If you change your password every 90 days or as required by your computer network, then the chances of your password being cracked are even more diminished.

9. Always the Same

You have 1 bad password and use it everywhere. Instead have several different ones in place so all of your accounts, logins, and computers are not at risk if your password is discovered or cracked.

10. You Can’t Keep Secrets

How many other people know your password? Even if you shared your password for a good reason, your computer access is no longer secure. Change your password and keep it a secret from everyone!


If you want to know how good, or bad your password is try link below to see how long it would take to break