Online Passwords That Put You at the Greatest Risk

Hardly anyone would seriously consider typing in 'iloveyou' to protect an account. And nobody would willingly lock things down with something as predictable as '123456,' 'default,' or 'hello.' Believe it or not, those exact phrases showed up among the alarmingly weak login credentials pulled from the cheating-focused dating platform Ashley Madison, which a collective of password-cracking specialists managed to break. The whole episode is uncomfortable on multiple fronts, and it drives home a simple truth: your login credentials actually have to function. Familiarity is the last thing you want in a password guarding your online presence. Neither is simplicity. What you need is a password capable of leaving a cutting-edge hacking algorithm scratching its head.

What's the recipe for a password that actually holds up? Listen to the cybersecurity experts at Norton, who suggest aiming for length and complexity.

Norton explains: "When a password is short and lacks variety, automated tools can guess the right character sequence in no time."

Norton adds: "The more characters and the greater the complexity in your password, the lower the chance an attacker will bother with brute-force techniques, since figuring it out would take ages. They'll likely pivot to a dictionary attack instead, running through a precompiled list of words that frequently appear in passwords."

If you're unsure whether your password stands a chance, turn to the specialists. Head over to howsecureismypassword.net for an instant strength check. The platform also estimates how many hours, days, or years a machine would need to crack your chosen phrase. It's yet another useful benchmark for measuring the strength of whatever you've come up with.

Diceware offers another path to building a tough password, spinning up random word combinations on demand. Tossing the dice pulls entries straight from the official Diceware word list. Stack more words together, and the password grows that much tougher to break.

For those who'd rather sidestep passwords entirely, researchers at the University of Southern California have come up with something different. Marjan Ghazvininejad and Kevin Knight found that people can more easily memorize a 60-bit number when it's transformed into a string of ordinary words. They built software that reshapes those words into short couplets, each line carrying eight syllables and closing with a rhyming pair.

When you're ready to set up fresh login credentials, these pointers should ease any worries about the choices you're making. Above all else, don't let 'iloveyou' be the phrase guarding your accounts.

Smart moves:

• Mix together numbers, symbols, uppercase letters, and lowercase letters
• Make sure the password stretches across at least eight characters
• Draw on shortened versions of longer phrases
• Swap out your passwords on a routine schedule
• Sign off from websites and devices once you're done with them

Pitfalls to dodge:

• Settle for something obvious like '123456,' 'password,' 'iloveyou,' or '111111'
• Stick with a single word, since dictionary-style attacks thrive on those
• Lean on any form of your own name, a relative's name, a pet's name, phone number, address, or birth date
• Jot your password on paper, hand it off to anyone, or permit others to sign in under your details
• Click 'yes' when a browser offers to remember and store your password