Password Security in 2020 – The Basics
The video above and this blog were created as part of our The Basics series. The Basics is a series of videos answering questions that many have in the most understandable way. No industry specific terms or over detailed descriptions. We created this series to help people understand technology basics that are sometimes explained over complicatedly. It’d mean the world to us if you shared the video or this blog!
Password requirements constantly seem to get more and more strict. Do we really need 8 characters, a capital, a letter, and a symbol? Well, the short answer is yes. Let’s look at why:
My original password before the more strict password requirements was just a 4 letter word and a 4 digit number, but it technically only had to be 6 characters so lets look at that. We’re using “yell83”
So this password would only take a couple of seconds to break into if someone really wanted to. Let’s add a capital “Yell83” so that didn’t change it.
What about a 4 letter word with 4 numbers and a capital? “Yell8356”
Just by adding a couple of numbers we’ve increased the security by quite a bit, but it’s still not great. Let’s add a symbol to the number as well “Yell&8356”
Now that looks a little bit better.
We can add lots of complexity to our passwords, but as we do we start to make it more difficult to remember and the increase of security gets lower and lower. So instead we recommend using a passphrase. These are phrases that are easy to remember but with just a little bit of complexity become very secure.
Using a passphrase can be as simple as taking a joke, quote, or any easy to remember phrase and using it as a password. You could use “Your butt, Your butt is the bomb”
Or
“Sir, I’m going to have to ask you to exit the donut.” —Nick Fury (Samuel L. Jackson) to Tony.
You’ll still need to make sure you have a number and symbol but those can easily turn into “Y0ur butt, y0ur butt is the b0mb”
And “Sir, I’m g0ing t0 have t0 ask y0u t0 exit the d0nut”
Because these quotes have commas and apostrophes you wouldn’t have to add any other special characters. In both, I just changed the o’s to 0’s. Typically we would recommend that if you change a letter into a number or symbol that you do it for all of them. That way there are no questions about which O you have to swap for a 0. You don’t have to use quotes though you can also use your own phrase like “I signed up for Google in 2020” and change the service name or “This 1 password is really hard to crack!” These types of passwords are easier to remember and still very secure.
Obviously we don’t recommend that you use any of the passwords in this video as your password, but you can take this advice and make your passwords more secure. And if ANY of your passwords show up on the 10 most common passwords from 2019 you should change them immediately!
| Rank | 2019[14] |
|---|---|
| 1 | 123456 |
| 2 | 123456789 |
| 3 | qwerty |
| 4 | password |
| 5 | 1111111 |
| 6 | 12345678 |
| 7 | abc123 |
| 8 | 1234567 |
| 9 | password1 |
| 10 | 12345 |
| 11 | 1234567890 |
| 12 | 123123 |
| 13 | 000000 |
| 14 | Iloveyou |
| 15 | 1234 |
| 16 | 1q2w3e4r5t |
| 17 | Qwertyuiop |
| 18 | 123 |
| 19 | Monkey |
| 20 | Dragon |
Top 20 most common passwords according to NCSC
While it’s true that the everyday person feels like they won’t be the victim of a direct attack there is a real possibility of it especially if your password is insecure. It doesn’t take much to get through the bare minimum passwords. That’s why the requirements get more and more complicated.
If you’d like a basic understanding of having more secure security questions watch our video about that.
If you want to have more secure passwords but don’t want to remember them all watch our video about password managers.
If you want to make sure your important accounts are as secure as possible watch our video about multi-factor authentication.