QWERTY is not a good password

If you’re into social media or cloud computing, you’ll have felt right at home on our blog recently. We’ve tackled both subjects on a number of occasions, and given the popularity of those blogs, I thought it was about time we addressed one of the more feared topics in this area – security.

In the first part of this two-part series, I’m going to look at passwords. I know the topic has been done to death everywhere from Lifehacker to AccountancyAge, but it’s important, so here we go again!

Almost everything you do online and in the Cloud will need a password. Passwords are the lock and key that keep us secure from a shady underworld of identity thieves and internet highwaymen. We construct complex and difficult-to-crack passwords to secure our online lives.

Or maybe we don’t.


The top 25 passwords

SplashData has revealed the top 25 passwords of the year, taken from a list of millions of stolen passwords posted online by hacking groups. Selected password “highlights” are below:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123

Complex and difficult to crack I’m sure you’ll agree.

Given the amount of information we’re compelled to give when we sign up to websites, it seems some people aren’t doing a great job of “securing” their personal details. Incidentally, if you are using 123456 as one of your passwords, can you change it please? For me.

Password formulas

The holy grail is surely a password that you can easily recall and that is hard to crack. More often than not, people tend to opt for the “easy to recall” part and don’t really bother with the “hard to crack” part.

With so many passwords to remember, I can see the temptation to use the same password for everything (hint: this is never a good idea). A suggestion put to me to address the problem was to use a password rule: a way of generating long, complicated passwords that are easy to remember regardless of how infrequently you visit a website.

Had I found the holy grail?

Maybe, maybe not.

It works like this: You devise a single rule that you will use for every password, then append part of the website address to it to make it unique. My password rule might be this:

The first 4 letters of the website name (capitalised) + underscore + head office postcode + the % sign + the head office dialling code

Therefore, if I had a myspace account, my password for it would be MYSP_ne139aa%0191 (it isn’t, by the way). If I were to sign up to, e.g., knights.co.uk, I would use KNIG_ne139aa%0191. I only need to remember my rule and I can remember the password for each and every site I visit.

Easy enough to remember once you have created your “rule”. Given the length and variety of characters involved it’s going to be pretty difficult to crack. The main problem I see with this method is, if one of my passwords became compromised, my secret is out and all my accounts are at risk. It’s surely better than 123456 though.

No matter which way you look at it, the best thing to do is create long, complex passwords that are unique to every account you have.
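
The weakness of the rule described above, as an added example that is not part of the original post: a Python audit that builds passwords with the article's rule, then checks a set of your own site/password pairs for the tell-tale structure, a long fixed part plus a prefix taken from the site name. The function names, the `min_shared` threshold and the site list are assumptions made for illustration.

```python
import secrets
import string

# Constructed values: the postcode and dialling code from the article's sample rule.
POSTCODE, DIAL_CODE = "ne139aa", "0191"

def formula_password(site: str) -> str:
    """Article's rule: first 4 letters of the site (capitalised) + _ + postcode + % + dialling code."""
    return f"{site[:4].upper()}_{POSTCODE}%{DIAL_CODE}"

def random_password(length: int = 20) -> str:
    """Independent per-site password drawn from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

def shared_suffix(passwords: list[str]) -> str:
    """Longest run of trailing characters that every password has in common."""
    common = []
    for chars in zip(*(p[::-1] for p in passwords)):
        if len(set(chars)) != 1:
            break
        common.append(chars[0])
    return "".join(reversed(common))

def audit(vault: dict[str, str], min_shared: int = 6) -> dict:
    """Report whether the vault's passwords are one fixed secret plus a site-derived prefix."""
    suffix = shared_suffix(list(vault.values()))
    # The part that varies per site: is it just the start of the site's name?
    site_derived = all(
        site.lower().startswith(pw[: len(pw) - len(suffix)].lower())
        for site, pw in vault.items()
    )
    return {
        "shared_part": suffix,
        "site_derived": site_derived,
        "predictable": len(suffix) >= min_shared and site_derived,
    }

if __name__ == "__main__":
    sites = ["myspace", "knights.co.uk", "example.org"]  # constructed site list
    print(audit({s: formula_password(s) for s in sites}))
    print(audit({s: random_password() for s in sites}))
```

A vault built from the rule is reported as predictable because everything after the first four characters is identical across sites; a vault of independently generated passwords has no shared part to find.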

Password management

They’ll be difficult to remember though, so take a look at some of the password management tools that are out there. Lastpass.com and Keepass are two that spring to mind – but please, do your own research and pick the best solution for you. Heck, it’s even OK to write them down as long as you keep them somewhere secure.

Have a password audit for 2012: think about what you are securing online and whether your passwords are good enough. If they aren’t, consider changing them. You’ll feel better for it.

Mark Knights, Accountants Team

  • I’ve always had alpha-numeric passwords and recently started to use case-sensitive as well. I think a lot of people don’t bother though, which is a shame when it actually only takes about a second longer to type and adds huge amounts of security to your login.

  • Mo Sidat

    I have a password protected One Note page to save all my passwords!!!!

    Hopefully no one cracks that password.

  • “Through 20 years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.” — Randall Munroe, illustrating why you want *long* passwords.


    Although your formula is a good example of its kind, it’s quite dangerous when any one of your passwords is leaked. If your MySpace account were leaked, someone could figure out to replace MYSP with FB and GMAIL. This actually happened with Gawker (http://news.cnet.com/8301-27080_3-20025558-245.html ).