In How to Secure Your Computer: Maxim #3, I stressed the importance of changing the default username and passwords of all configurable network devices. That’s good advice. But a weak password, one that is easily guessable, is almost as bad as no password at all.
For example, if you use a password that conforms to common patterns that most people tend to use, it can be easily guessed. According to Wikepedia,
Repeated research has demonstrated that around 40% of user-chosen passwords are readily guessable because of the use of these patterns:
- blank (none)
- the word “password”, “passcode”, “admin” and their derivates
- the user’s name or login name
- the name of their significant other or another relative
- their birthplace or date of birth
- a pet’s name
- automobile licence plate number
- a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.
- a row of letters from a standard keyboard layout (eg, the qwerty keyboard — qwerty itself, asdf, or qwertyuiop)
So, the lesson here is simple, and becomes Maxim #4:
Use an unguessable, or difficult-to-guess password always.
What’s an unguessable password? I’ll cover that in a future post.