
You’ve Been Bad With Your Passwords Yet Again

Our passwords still suck. You can probably guess what some of the most common passwords were in 2016 — and hackers can too.

It seems that password security doesn’t work. (I have a solution though — at the bottom of this post)

Many of us rely on simple, easy-to-remember strings of characters and letters, including those found on your keyboard such as “1234567” or “qwertyu.”

While these passwords are easy for you to remember, they’re also no trouble for attackers, who can crack them with brute-force hacking techniques or with little more than a guess or two. That means hackers can easily compromise your online accounts and take over your digital identity.

Despite the growing availability of security features like two-factor authentication, it appears many people still haven’t gotten the message about strong passwords.

The most common passwords used to protect our accounts haven’t changed much over the past few years, and “123456” is still very much in existence, according to password management service Keeper Security.

The company scoured 10 million passwords that became public during 2016 as a result of data breaches. Keeper Security found that almost 17 percent of people used “123456” to protect their accounts from intrusion, while “123456789,” “qwerty” and “password” also made the list of 25 Most Common Passwords of 2016.

“We can criticize all we want about the chronic failure of users to employ strong passwords,” Darren Guccione, CEO and co-founder of Keeper Security, said. “But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies. It isn’t hard to do, but the list makes it clear that many still don’t bother.”

In total, four of the top 10 most common passwords were six characters or shorter. On average, it only takes seconds to brute-force hack these kinds of accounts. Allowing for such short passwords is the fault of online vendors and operators.

“While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves,” Guccione added. “IT administrators and website operators must do the job for them.”
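One way a website operator could enforce the basic policy discussed above at signup, as an added example that is not from the article or from Keeper Security. The function names, the minimum length of 8 and the keyboard-run heuristic are assumptions, and the denylist is constructed from only the passwords this article names.

```python
# Added example: signup-time password check (not from the article).
# Denylist is constructed from the passwords the article names; a real
# deployment would load a full breached-password list instead.
COMMON_PASSWORDS = {"123456", "1234567", "123456789", "qwerty",
                    "qwertyu", "password", "18atcskd2w"}
MIN_LENGTH = 8          # assumed policy value
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def longest_keyboard_run(password: str) -> int:
    """Length of the longest substring that walks along one keyboard
    row, left-to-right or right-to-left."""
    s = password.lower()
    best = 0
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(s)):
                # Only try substrings longer than the best found so far.
                for j in range(i + best + 1, len(s) + 1):
                    if s[i:j] not in seq:
                        break
                    best = j - i
    return best


def check_password(password: str) -> list[str]:
    """Return the reasons a candidate is rejected (empty list = accept)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if password.casefold() in COMMON_PASSWORDS:
        reasons.append("common")
    run = longest_keyboard_run(password)
    # Assumed heuristic: a row walk of 4+ keys covering half the password.
    if run >= 4 and 2 * run >= len(password):
        reasons.append("keyboard_run")
    return reasons


if __name__ == "__main__":
    for pw in ("123456", "qwertyu", "18atcskd2w", "Qwerty123",
               "correct horse battery staple"):
        print(f"{pw!r:32} -> {check_password(pw) or 'accepted'}")
```

The bot password “18atcskd2w” passes both the length and keyboard-run checks, so only the denylist catches it.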

There is an interesting exception on the list: “18atcskd2w” was the No. 15 most common password discovered in the data. These accounts were created by bots designed to spread spam on online forums, according to security researcher Graham Cluley.

(This story was originally posted as “The worst passwords of 2016 are as lazy as ever” on ZDNet.)

Op-Ed — my 2 cents…

We’ve all been told over and over again to use a different complex password for each and every secured website we use. Without tech help, that’s next to impossible. I recommend you use a password manager to do the heavy lifting for you. I use LastPass, lastpass.com. The desktop version for PCs and Macs is free. If you also want it on your smartphone, the premium version, which covers your desktop and your phone, costs $12 per year.