
    The Truth About Terrible Passwords

    December 11, 2020 · 4 min read

    Password Management

    “Password” is indeed a bad password to use. You are right to roll your eyes if you hear somebody has used it. But there’s a good chance your password sucks as well.

    Several times a year, mainstream and tech media will report on the latest list of the “worst” passwords. Several different organizations make an annual list but they almost always use the same (lack of) criteria. It’s simply based on how often the password appeared in leaked and stolen databases of account passwords.

    It's not the fact a password was in such a list that makes it “worst” in this scenario: the database being exposed in plain text form is the fault of the hacked website, not the users. Instead the logic is that a password being used most often makes it “obvious” and thus a terrible choice.

    Virtually every time, this top ten comprises terms like “password”, “123456”, “letmein” and the occasional cultural reference: chances are “COVID” will be all over the lists for 2020. The usual media response is that such obvious terms appearing in the list prove the computer-using public are a bunch of idiots and society is doomed.

    The problem is that these terms appearing in the lists don’t tell us much that is useful about users as a whole, because these terms will always be in the list. It’s completely circular logic because inherently the most commonly used passwords will always be obvious and predictable choices.

    What would actually be useful would be to know what percentage of all passwords fall into the “obvious” category, or even what proportion are rarely used or even unique. That would tell us much more about trends in behavior.

    Let’s look instead at some of the factors that really determine how secure a password is.


      Dictionary Words

      A password that’s simply a word is about as bad as it gets, and that’s the case whether you use “password” or “rhubarb”. The former is certainly worse in the scenario of somebody literally typing in a guessed password to try to access an account. That’s a very small part of overall cybercrime, however, particularly given most sites will lock after a set number of failed login attempts.

      Instead, most attempts to crack a password involve thousands or millions of attempts, whether that involves bypassing the attempt limit or trying to decrypt a stolen database of encrypted passwords. The first run will often involve trying a list of words, which could be a list of known common passwords (including allegedly clever workarounds like “pa55w0rd”), the most common words in a language, or even a literal dictionary.

      This won’t usually be the only tactic an attacker uses, but a “real” word as your password puts you at much greater risk.

      Length

      The next step after a dictionary attack is a brute force attack. This involves literally trying every possible combination of letters, and in this scenario longer passwords are exponentially more secure. Think of it this way: you can guarantee to guess a single letter within 26 attempts. For two letters, you’d need 26 x 26 attempts, totaling 676. Follow this logic and simply using eight characters gets you to five trillion possibilities. Even with incredibly fast computers, it only takes a few extra characters to increase the average time to crack a password from a few hours to thousands of years.

      Special Characters

      Using just letters makes for a bad password for the same reason that length matters. For a single character, using numbers takes the number of possibilities from 26 to 36. Use symbols on the average keyboard and you can easily add another 26. Use capital letters rather than just lower case and that’s another 26. Even with a (very much not recommended) four-character password, you’re talking about the difference between 11 million possibilities and nearly 6 billion.
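The three factors above (wordlist exposure, length, character classes) can be combined into one estimate. The Python sketch below is an added example, not code from the original article: the wordlist is a constructed sample, the guessing rate is an assumed figure, and the character-class sizes are the per-character counts the article gives (26 lowercase, 26 uppercase, 10 digits, 26 symbols).

```python
import math

# Constructed sample wordlist; a real audit would load a large common-password list.
WORDLIST = {"password", "123456", "letmein", "rhubarb"}
# Reverse common character swaps so "pa55w0rd" is tested as "password".
UNLEET = str.maketrans("0134578@$!", "oleastbasi")
GUESSES_PER_SECOND = 1e10  # assumed offline guessing rate, not a figure from the article


def is_dictionary_hit(password):
    """True if the password, or its de-substituted form, is in the wordlist."""
    lowered = password.lower()
    return lowered in WORDLIST or lowered.translate(UNLEET) in WORDLIST


def alphabet_size(password):
    """Sum the sizes of the character classes used, with the article's counts."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 26  # article's estimate for keyboard symbols
    return size


def keyspace(alphabet, length):
    """Number of candidates a brute-force search over this alphabet must cover."""
    return alphabet ** length


def assess(password):
    """Return dictionary exposure, keyspace, entropy bits and average crack time."""
    alphabet = alphabet_size(password)
    space = keyspace(alphabet, len(password))
    hit = is_dictionary_hit(password)
    return {
        "dictionary_hit": hit,
        "keyspace": space,
        "bits": len(password) * math.log2(alphabet) if alphabet else 0.0,
        # A wordlist hit falls in the first pass; otherwise half the space on average.
        "avg_seconds": 0.0 if hit else space / 2 / GUESSES_PER_SECOND,
    }


if __name__ == "__main__":
    for pw in ("rhubarb", "pa55w0rd", "qzxv", "qZ7$", "qzxvkjwqpmtr"):
        print(pw, assess(pw))
```

The estimate is an upper bound on strength: it assumes the characters were chosen at random, which holds for generated passwords but not for ones a person made up.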

      The Most Terrible Password

      The truth is that while length and characters matter, the worst password is the one you use on more than one site. Whenever an unencrypted database of usernames and passwords gets exposed (either because hackers decrypted it or they found it stored in plain text), the first thing they’ll do is try the details on other websites and services, particularly ones that will grant access to sensitive personal data. When you reuse passwords on multiple accounts, you’re effectively putting all those accounts at the same level of risk as the least well secured.

      The Truly Good Password

      The most secure password is one that’s unique to an account, is a good length (12 characters is often recommended as a minimum) and uses a combination of upper and lower case letters, numbers and symbols. If that sounds like it would be impossible to remember, don’t worry: it’s not smart to let your memory be a limit on your security. Instead, the most practical way to generate and use unique, reliably secure passwords for every account is a password manager.
