Bamboozled January 19, 2017: Think your password is strong? Think again.


Keyboard pattern combinations are a bad idea for a password.

There are lots of ways a scammer can get his hands on your passwords, even if you take steps to protect your information.

There are data breaches. Hacks. Phishing trickery.

But the easiest way to get someone’s password is to guess.

That’s because we, as a whole, aren’t very creative with passwords.

Nearly 17 percent of users put their security hopes in “123456,”according to a recent study by cyber security firm Keeper.

Also in the top five are the uninspired numerical combinations “123456789,” “12345678” and “111111,” the study found.

Rounding out the top five was “qwerty,” which are the first letters going from left to right on a standard keyboard.

And 50 percent of passwords found in the study were on the top list 25, the study found.

These pathetic passwords are even less creative than the now infamous “password” password reportedly used by Hillary Clinton’s campaign chairman, John Podesta, when he fell for a phishing attack. Podesta’s alleged use of “password” was later discredited by Politifact, which called those reports “false.”

But still, the idea that so many passwords are obvious or easy-to-guess passwords is troubling.

Keeper, which examined 10 million passwords that became public in 2016 data breaches, said the top passwords on the list haven’t changed much in the past few years.

It noted four of the top 10 passwords were six characters or fewer, which makes a hacker’s job pretty easy.

“Today’s brute-force cracking software and hardware can unscramble those passwords in seconds,” Keeper said.

And, the study found, some users believe they’re being smart in their password choices by using what they think are unpredictable patterns, such as “1q2w3e4r” and “123qwe.” Keeper calls those efforts “weak at best.”

“Dictionary-based password crackers know to look for sequential key variations,” it said. “At best, it sets them back only a few seconds.”


There are two levels of protection you can hope for when it comes to passwords.

The first is in the protection provided by website operators and email providers. They have the opportunity to disallow certain passwords, including the common ones, those that follow simple keyboard patterns or common words.

Keeper called sites that allow the use of “flimsy” passwords “either reckless or lazy.”

But that, of course, is out of your hands, which means you’re the second level of protection.

Setting a strong password is up to you.

Here are some tips, according to Keeper and other online security experts:

1. Use a variety of numerical, uppercase, lowercase and special characters. These are harder to guess, even for a brute force attack.

2. Avoid terms that can be found in the dictionary. Really. Some password-crackers literally run through all the words in the dictionary, starting with the most common ones, and then moving through the rest of the book.

3. Don’t use your phone number or birth date, or those of your family. And your dog’s name? Nope.

4. Use as many characters as you can, and definitely more than six. Security experts say 12 to 14 characters should be the minimum.

5. Combinations of words are more obvious than you might think, so create something that’s easy to remember but looks complex from the outside. The password “M1jwaBPaIwp$5ah” looks pretty hard to crack, right? But how can you remember? It’s the first digit of every word in this sentence: “My 1st job was at Bob’s Pizza and I was paid $5 an hour.” You can create your own.

6. Even if your password is complex, always use different passwords for different websites. We all know it’s a pain to remember which password you used for which site or email account, but if your passwords are all the same, you’re just making a hacker’s job easy.

7. Consider using a password manager to keep track of your more complex passwords. But be sure that the manager is also secure and won’t become a hacker’s target.

Here’s the complete list of the 25 most common passwords from the study:

1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111
6. 1234567890
7. 1234567
8. password
9. 123123
10. 987654321
11. qwertyuiop
12. mynoob
13. 123321
14. 666666
15. 18atcskd2w
16. 7777777
17. 1q2w3e4r
18. 654321
19. 555555
20. 3rjs1la7qe
21. google
22. 1q2w3e4r5t
23. 123qwe
24. zxcvbnm
25. 1q2w3e

Have you been Bamboozled? Reach Karin Price Mueller at Follow her on Twitter @KPMueller. Find Bamboozled on Facebook. Mueller is also the founder of Stay informed and sign up for’s weekly e-newsletter.