Password Formulas Don’t Fool Hackers
Every time we write about passwords on Lifehacker, several readers share their secret password formula. These formulas are easy to crack, according to Ryan Merchant, a senior manager at the password manager Dashlane.
Dashlane recently analyzed 61 million passwords from years of severe data breaches – passwords that are exposed to many security researchers, hackers, and even the public. Dashlane’s main takeaway is that people are not very original. Even those using formulas.
Among the obvious common passwords such as iloveyou, ferrari, and starwars, Dashlane found common formulas such as “password walking,” which involves pressing adjacent keys to create what may look random but is actually incredibly predictable. Walking passwords include 1q2w3e4r, zaq12wsx, and !Qaz@wsx. They are common enough for hackers to include them in “dictionary attacks” against random accounts.
Perhaps you, as one of the readers of Lifehacker, “use a formula based on the name of the website.” You’re still in danger, says Merchant: “If [the hacker] knows someone’s ‘base password’, it’s not hard to predict what their options will be.” Moreover, hackers know the password requirements for each site. Therefore, when one of the formula passwords is revealed, all of them can be revealed. If you just add “tidder” at the end of your Reddit password, the hacker knows to add “koobecaf” to your Facebook password. Hackers can also guess which characters you might replace with other characters: letters and numbers can become punctuation marks. Change each i to !, rebus style, and they still won’t be fooled.
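The two formulas described above can be caught when a password is set. The following is an added example, not code from the article or from Dashlane: a check a site could run to reject keyboard walks and passwords built from its own name. The function names, the US QWERTY layout, the 0.8 threshold and the substitution table are all assumptions.

```python
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # US QWERTY assumed
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")  # shifted digit row -> digits
UNLEET = str.maketrans("!1034@$57", "iioeaasst")     # assumed look-alike swaps


def is_keyboard_walk(password, threshold=0.8):
    """True when most consecutive characters sit on neighbouring keys."""
    keys = password.lower().translate(UNSHIFT)
    if len(keys) < 4:
        return False
    adjacent = 0
    for a, b in zip(keys, keys[1:]):
        if a in KEY_POS and b in KEY_POS:
            (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
            # Neighbouring means at most one row and one column apart.
            adjacent += abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1
    return adjacent / (len(keys) - 1) >= threshold


def embeds_site_name(password, site):
    """True when the password contains the site name, forwards or reversed,
    after undoing common character substitutions."""
    pw = password.lower().translate(UNLEET)
    name = "".join(ch for ch in site.lower() if ch.isalnum()).translate(UNLEET)
    return len(name) >= 3 and (name in pw or name[::-1] in pw)


def check_new_password(password, site):
    """Return the reasons a password-set form should reject this password."""
    reasons = []
    if is_keyboard_walk(password):
        reasons.append("keyboard walk")
    if embeds_site_name(password, site):
        reasons.append("derived from site name")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords, including the walks quoted in the article.
    for pw, site in [("1q2w3e4r", "reddit"), ("Tr0ub4dor-tidder", "reddit"),
                     ("r3dd!t-Summer", "reddit"), ("k7#Vq9!xLp2Z", "reddit")]:
        print(pw, check_new_password(pw, site))
```

A check like this only flags the formulas named here; it complements, rather than replaces, screening new passwords against lists of breached passwords.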
So please give up your formula and use a password manager that will generate truly random passwords for you and then remember them so you don’t even have to memorize them. You can use Dashlane; I personally love 1Password. We’ve listed five of our favorite password managers here. I even considered a newer, prettier option called RememBear.
You cannot prevent accounts from being hacked; it depends on the companies and organizations that hold them. All you can do is limit the damage and make your passwords less readable. The point of a password is to keep your data safe, not make you feel smart.