If You Think 3sYqo15hiL is a Good Password, Think Again

Although security researchers are looking for ways to get rid of passwords, it does not look like that is happening any time soon. Passwords are, and are going to remain, the core part of account security, and everyone must take them seriously. Password strength is something that we have to take into consideration whenever we create new accounts and want to protect them. Just don’t think about copying a seemingly strong password you’ve seen somewhere on the web. You won’t be the only one to have come up with this idea, and the password is bound to be really weak, too.

What makes a weak password?

To find out more about weak passwords or character combinations you should avoid, you can check out our entry on the worst passwords of 2019. However, it is clear that the most common component of a weak password is predictability. It’s something that doesn’t even require thinking. People who choose memorable combinations don’t even try to think about how to create a complex password. So, it’s obvious that sequences like 12345, qwerty, or password should NEVER be used to protect accounts. You don’t even need a bot to brute-force them. Anyone can simply guess these passwords and breach the accounts.

However, going through the list of the worst passwords can give us a few interesting specimens, too. For example, there’s an analysis of over 1 million leaked passwords on the Passlo blog that can give us an insight into another type of internet activity. The list of the top passwords in the post again introduces us to the most popular contenders like 123456 and password, but what might seem strange is the password at #21. It’s 3sYqo15hiL. Now, even if you are not a seasoned cybersecurity expert, you probably know that a random sequence of alphanumeric characters makes up a far stronger password than actual words.

3sYqo15hiL clearly looks like a random sequence, so its password strength should be higher than that of chelsea or sunshine. Then, how come it has such a high ranking? The analysis also suggests that from a random sample, this password appears around 13,000 times. Seriously? 13,000 users came up with the same “random” password? That’s highly doubtful.

Further research into the subject revealed that the email addresses used with the password seemed to be randomly generated. Also, the same password was used across multiple accounts that used these randomly generated email addresses. That led to the assumption that the 3sYqo15hiL password belonged to a network of bots that is probably involved in credential stuffing, where bots crawl through pages with log-in forms trying to gain access to them, or in simply creating fake accounts on social media networks for spamming.

Keeping in mind that bot traffic takes up a significant portion of the overall Internet traffic activity (up to 25%), it is no surprise that the passwords used by bot networks are common, too. Hence, there is nothing complex or reliable about 3sYqo15hiL. In fact, before you use a new combination, you can always check the password strength, which would help you make sure that your account is properly protected.
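The check below is an added example, not part of the original article or of any product it mentions. It shows why a character-class estimate alone passes 3sYqo15hiL while a leaked-password lookup rejects it. The frequency table is constructed sample data (only the roughly 13,000 count for 3sYqo15hiL comes from the article), and the 50-bit threshold is an assumption.

```python
import math
import string

# Constructed sample of a leaked-password frequency table. Only the count for
# 3sYqo15hiL (about 13,000) is taken from the article; the rest are made up.
LEAKED_COUNTS = {
    "123456": 250000,
    "password": 90000,
    "qwerty": 60000,
    "sunshine": 15000,
    "chelsea": 14000,
    "3sYqo15hiL": 13000,
}

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def charset_entropy_bits(password: str) -> float:
    """Naive estimate: length * log2(size of the character classes in use)."""
    pool = sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password: str, leaked=LEAKED_COUNTS, min_bits: float = 50.0) -> dict:
    """Reject leaked passwords first; only then trust the entropy estimate."""
    bits = charset_entropy_bits(password)
    seen = leaked.get(password, 0)
    if seen:
        verdict = "reject: appears in leaked data"
    elif bits < min_bits:
        verdict = "reject: too short or too simple"
    else:
        verdict = "accept"
    return {"entropy_bits": round(bits, 1), "leak_count": seen, "verdict": verdict}


if __name__ == "__main__":
    for candidate in ("chelsea", "kitten42", "3sYqo15hiL", "vT7#qLm2Zx!p"):
        print(candidate, assess(candidate))
```

The estimate treats every character as an independent random choice, which is exactly the assumption a copied or bot-generated password breaks.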

How to create a complex password?

We have actually discussed the topic of password strength many times before. To put it simply, the password has to be as long as possible. It has to include numerals, lower-case and upper-case letters, and special characters, and the character sequence has to be absolutely random. Let’s not forget that every single account you own has to have a unique password, and you have to renew them regularly. With all these requirements and the accounts that you have to keep track of, password strength is probably the last thing on your mind.

But why do everything manually? The truth is that you can either scribble all your manually created passwords on post-its and then lose them sometime around next month, or you can simply delegate the work to a tool like Cyclonis Password Manager. You can try out the 30-day free trial right now and see how the tool works for yourself.

Now, what are the benefits of using a password manager? Well, for one, you don’t have to worry about password strength anymore. Password managers aren’t there just to remember your passwords. They can also help you generate new complex passwords that will protect your accounts better. Even if you feel attached to some password that you use, you should still renew it. Instead of adding one more symbol to it, simply use a password generator, and it’ll make it more difficult for hackers to compromise your accounts.
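As an added illustration (not code from the article or from Cyclonis Password Manager), this is a minimal sketch of what a password generator does to meet the requirements listed earlier: a long, random sequence drawn from all four character classes, with a different password per account. The function names, the default length of 20 and the account names are assumptions.

```python
import secrets
import string

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)


def generate_password(length: int = 20) -> str:
    """Draw characters from the OS CSPRNG until every class is present."""
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        # secrets.choice uses the operating system's secure random source,
        # unlike the random module, whose output is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Rejection sampling: discard and redraw instead of patching in
        # missing classes, so no position is biased toward a class.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def generate_for_accounts(accounts, length: int = 20) -> dict:
    """Return one password per account and never reuse a value."""
    used = set()
    result = {}
    for account in accounts:
        password = generate_password(length)
        while password in used:  # astronomically unlikely, checked anyway
            password = generate_password(length)
        used.add(password)
        result[account] = password
    return result


if __name__ == "__main__":
    # Hypothetical account names, used only for the demonstration.
    for name, pw in generate_for_accounts(["mail", "bank", "forum"]).items():
        print(f"{name}: {pw}")
```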

What’s more, you can put your existing passwords through the Cyclonis Password Manager’s Password Analyzer. This tool helps users to see the level of their password strength. And it doesn’t just say whether the password is strong or weak. It also gives you an average of the estimated time required to crack the said password. That gives users a different perspective as opposed to just “weak” or “strong.” We’re also sure that if you were to run 3sYqo15hiL through the analyzer, it would fall into the category of “very weak,” and it would be possible to crack it within “less than a second to about an hour.”

So, to take everything into account, password strength shouldn’t be overlooked when you’re creating new accounts or when you’re renewing your login credentials. It is strongly recommended to employ password managers to help you generate and store your passwords because it is faster, safer, and more efficient than creating passwords on your own.

3sYqo15hiL is a very good example of how a seemingly random sequence of characters cannot protect accounts from potential hacks. Hence, it’s better to employ all the means possible to ensure that your personal information and your accounts are safe.

Aside from password managers, there are additional security levels like multi-factor authentication that you can use, too. Check whether the service you’re using allows you to enable this type of authentication. Paired up with a strong password, it would definitely make it harder for hackers to sneak into your account.

August 28, 2020
