Last week, Robert Graham analyzed the top 20 passwords culled from a recent password hacking incident. It's an interesting read, and it got me thinking about my own password history.
When I was very young, I went to the grocery store with my grandmother. Next to the store was a bank, so Grandma sent me over to the ATM to get some cash while she started her shopping. She handed me her debit card and explained how to use it, saying "You'll have to enter a secret code in order to get the money." Here she paused, and looked carefully around to make sure nobody could overhear her. "It's 1-2-3-4." Even at my tender young age, I thought that was kind of a stupid password.
I like to think that my passwords--of which I have many--provide me with a modicum of security, but I don't know. While I would never use something as simple to guess as my grandmother's PIN, I'm sure a person who was determined to get my data would be able to crack my various codes. The fact of the matter is, if I made my passwords complicated enough that nobody would ever be able to guess them, I would never be able to guess them.
When I worked in the cubefarm, our security was such that we were prompted to change our passwords rather frequently. They had to be six or more characters (letters and/or numbers), and we could not reuse any of our last six passwords. All of this annoyed me, so my passwords were often expressions of my distaste for having to come up with a new password: biteme, yousuck, howstupid, foreign swear words, and the like (similar "emo" and "don't care" words are mentioned in Graham's article--I guess my password ire wasn't unique).
Take a look at Graham's analysis, and ask yourself--do your passwords pass muster?