This is the first post in an ongoing series about passwords. Boring, huh? Well, the fact is that most of our financial and sensitive data, despite the billions of dollars invested by banks, governments, and other institutions, is only protected by a thin barrier constructed by you: the password. Your bank may have designed the ultimate shark cage, but it’s up to you to close the hatch and keep your arms inside.

If you’re still reading, great… I haven’t lost you yet, or maybe you're just hanging around to look at that cool shark picture.

Common passwords

Most people use simple passwords. Why? Because picking “strong” passwords seemingly comes with a bad consequence: we can’t remember them. We’d rather use a simple password that we can remember. We can’t change that about ourselves. It’s just who we are as people. What’s more, the human brain was NOT designed to remember a gazillion different passwords for the countless online profiles we have to maintain in today’s world. Telling people to do that is unreasonable and silly.

In January 2010, SmartPlanet published a list of the top 20 most common passwords. Here are the top 5 from that list:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou

If you’re in that group, don’t worry. I’m going to tell you how to fix it, and I’m going to give you some easy options for doing it.

But first, I want to make sure you understand the consequences of using a simple password. To understand, pretend you’re a hacker and you want to get access to someone’s account online. Which passwords will you try first? If you said “the most common passwords,” you’d be correct.

So for starters, just by getting out of the most common group, you’ve done something to protect yourself. Unfortunately that may not be enough. Hackers are a savvy, motivated group, and the Web itself makes it easier than ever for hackers to make really good guesses about your passwords.

More pitfalls

So if you’re thinking to yourself “I’m not in the top 20… I use lovetogolf as my password,” I’d have to say “not so fast.” Do you like to talk about golf on your Facebook page, Twitter, or other public sites? Do you tweet during golf events? Do you talk about Tiger Woods? If so, you’ve already told the world you “lovetogolf.” I bet it didn’t occur to you that you gave out your brokerage account password last Friday when you posted “I’d so rather be on the golf course today.”

Maybe you’ve already thought of all that. Maybe you use an arcane password like… “arcane.” Most people don’t know what arcane means, so it’s safe, right? Unfortunately, ANY word that can be found in a dictionary is low-hanging fruit for a hacker. There are publicly available programs that simply guess their way through the dictionary until they hear the safe “click.” Then, they’re in.

So, let’s see where we are now…

  1. My password can’t be simple and popular
  2. My password can’t say anything about me
  3. My password can’t be a real word

It’s at this point that most people give up and keep doing the same thing because they think they have to remember ijtEy^*32!#@fkg4LS. That’s not what I’m going to tell you to do, so don’t be that person that gives up. You and your family have too much at stake to leave the shark cage hatch open.
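The three rules above, written as a check a signup form could run. This is an added example, not code from the original post: the word lists are small constructed stand-ins, `personal_terms` is a hypothetical input holding things the user has posted publicly, and the dictionary rule goes slightly beyond the text by also catching words run together or padded with digits and symbols.

```python
import re

# Constructed sample data: the five passwords listed above plus a tiny
# stand-in word list. A real deployment would load full lists from files.
COMMON_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou"}
DICTIONARY = {"arcane", "love", "to", "golf", "password", "shark", "i", "you"}


def _letters(text):
    """Lowercase and keep letters only, so 'Arcane1!' compares as 'arcane'."""
    return re.sub(r"[^a-z]", "", text.lower())


def _is_word_chain(core, words):
    """True if core is one dictionary word or several run together."""
    # reachable[i] is True when core[:i] can be split entirely into words.
    reachable = [True] + [False] * len(core)
    for end in range(1, len(core) + 1):
        reachable[end] = any(
            reachable[start] and core[start:end] in words for start in range(end)
        )
    return bool(core) and reachable[-1]


def screen_password(candidate, personal_terms=()):
    """Return the list of rules (1-3) that the candidate password breaks."""
    problems = []
    core = _letters(candidate)
    # Rule 1: not simple and popular.
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common")
    # Rule 2: says nothing about the user (terms are a hypothetical input).
    if any(_letters(term) and _letters(term) in core for term in personal_terms):
        problems.append("personal")
    # Rule 3: not a real word, alone or chained with others.
    if _is_word_chain(core, DICTIONARY):
        problems.append("dictionary")
    return problems
```

An empty list means the candidate passed all three rules; it says nothing about length or randomness, which this check does not measure.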

Going forward

In the posts that follow, I plan to discuss how you can create strong passwords that are actually memorable and also talk about some software programs that can help. Stay tuned!

Shark picture by hermanusbackpackers via Flickr. Safe picture by squacco via Flickr.