Popular Passwords You Should Avoid

By | 2018-10-25

“Jesus is the answer to everything.” It’s an oft-quoted line in Sunday school classrooms, and a frequent focal point of your pastor’s sermons. Without expounding the theological implications, when it comes to accessing your Church’s website or other online accounts, the following caveat applies: “Beware of making Jesus your password.”

Hackers Know Your Name
Put yourself in the shoes (or behind the keyboard) of an astute hacker, eager to infiltrate your site with porn, or wreak havoc with your data. The absolute “low-hanging fruit” for cracking your password is a name or common “dictionary word” – especially one that would be meaningful to you or your church. “Jesus” or one of his associated names, such as “Emmanuel” or “Savior,” are obvious ones; your church’s name is another. Even if you were to add numbers or special characters to the dictionary word, hackers have special crunching tools and standard word lists to draw on to “try all possibilities.” This is called “brute-force” password cracking: using a program that tries every possible character combination until your password is cracked.

If you really want to make life more difficult for a hacker, besides avoiding familiar names or popular verse identifiers (like John3:16) for passwords, here’s a simple practice to adopt:

Make it a habit to use at least one lowercase, one uppercase, one number, and one special character.

This practice may not throw a hacker off the path completely, but it will take him considerably longer to crack your password, and possibly even force him to give up. To illustrate: there are 208 billion possible combinations for an 8-character, all-lowercase password. Just by mixing lowercase letters, uppercase letters, digits, and special characters into your password, the number of possibilities jumps to over 1 quadrillion – which, by some estimates, would take a hacker nearly ⅔ of a year to generate.

Hackers Have Your Number
Another simple rule of thumb for making a hacker’s life more difficult is to avoid using all numbers, e.g., 0123456789. This sequence, or others like anniversary dates or personal birthdays, may be convenient for you to remember, but realize how easy you’ve made it for the hacker: with only 10 digits to choose from, a hacker can brute-force a 10-digit password in only 10 billion tries!

Hackers Can Be Thwarted
So here’s a summary of what we covered, along with some additional “good practices” for thwarting a hacker and maintaining strong passwords:

  • Avoid using names and dictionary words
  • Use at least one lowercase, one uppercase, one number, and one special character.
  • Avoid using only numbers
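
The three rules above as a small checker, added here as an example (it is not code from the original article); the word list is a tiny constructed sample, and the function and variable names are assumptions. It also returns the brute-force search space, which reproduces the 208 billion, 10 billion and "over 1 quadrillion" figures quoted earlier.

```python
import re
import string

# Constructed sample list (assumption): a real check would load a large list
# of names, dictionary words and previously breached passwords.
COMMON_WORDS = {"jesus", "emmanuel", "savior", "church", "password", "john316"}

# Character classes from rule 2; 32 ASCII punctuation marks count as "special".
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "special character": string.punctuation,
}


def check_password(password):
    """Return (problems, keyspace) for the three rules summarized above."""
    problems = []
    lowered = password.lower()

    # Rule 1: a name or dictionary word is still weak after digits or symbols
    # are tacked on ("Jesus123!") or punctuation is inserted ("John3:16").
    stripped = lowered.strip(string.digits + string.punctuation)
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    if stripped in COMMON_WORDS or squeezed in COMMON_WORDS:
        problems.append("name or dictionary word")

    # Rule 2: require all four classes; every class present widens the pool
    # an attacker has to search.
    pool = 0
    for name, chars in CLASSES.items():
        if any(c in chars for c in password):
            pool += len(chars)
        else:
            problems.append(f"missing {name}")

    # Rule 3: digits-only passwords (dates, birthdays, 0123456789).
    if password.isdigit():
        problems.append("digits only")

    # Upper bound on brute-force guesses; it only describes real strength
    # when the characters were chosen at random, which is why rule 1 exists.
    return problems, pool ** len(password)


if __name__ == "__main__":
    for pw in ["Jesus123!", "John3:16", "0123456789", "abcdefgh"]:
        print(pw, check_password(pw))
```

A password can satisfy rule 2 and have a huge search space yet still fail rule 1, as "Jesus123!" does, because word-list tools try such variants first.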

In addition, the following “best practices” for passwords should be regularly observed:

  • Change your password frequently, as often as every 3 – 6 months (lean toward the “more often” end for financial accounts like banking, etc.)
  • Use different passwords on different accounts. (Why give a hacker access to all your accounts with just one password?)
  • The use of a passphrase with all available character types inserted into it can be quite effective, e.g., I<3ourSav1our&RChurch
  • Utilize a password keeper or manager tool, like Keeper or LastPass, to help maintain strong passwords, and keep track of your passwords in a secure place.

Adopting the above basic practices will go a long way in protecting your site, keeping your accounts secure, and confusing a would-be hacker.