Password leaked the moment you said I love you!

May 20^th is another festival for couples to present the public display of affection. Simple celebration is not enough for them to show their love, so they put it in the code, 5201314. This meaningful code pronounced in a similar way as I love you forever becomes the commonest password for Chinese users.

An article in Freebuf said that there were as many as 4500 people out of 13000 exposed data had the number of 520 in their passwords, according to the analysis of Chinese users’ habits of password setting based on the data source leaked by a ticket-booking website as a result of library crash incident at the end of 2014.

The danger of simple password

Simple password is very easy to crack. This kind of combination of numbers is not only the favorite of Chinese user but also the essential of almost every hacker’s password dictionary. The theory of cracking a password is easy – exhaustion. That is inputting every possibility ceaselessly until the password is cracked. It is the important reason why passwords of numbers only or letters only are not secure. What’s more, people usually tend to use the same password for Tieba, mailbox, Weibo and even online bank for easier memory. Once an account and password are leaked, more accounts information are very possible to be leaked.

How to set high-intensity password

In order to prevent from the data leak, telecom fraud and money losses led by weak password, we had better use independent passwords for different important account and termly change the passwords. The password is better to be a combination over 12 digits of upper and lowercase letters, numbers and symbols. The way of setting high-intensity password:

In the aspect of content, the password should be hard for other people to associate while you can remember.

In the aspect of form, the password should contain at least three types of the following characters: uppercase letters, lowercase letters, numbers and non-numeric symbol (& _ etc.). Meanwhile, we can make some simple changes. For instance, we can turn i into !, letter o into number 0, 11 into 2ge1 (two number ones).

For easy memory, content of the password should be meaningful. But it can be changed into homonymic content. For instance, “just for you” can be changed into “juST4_U”. Also, the length can be extended. For instance, “shezhimima” can be changed into “s_he_zhi_mimA” (insert caret at every certain interval and capitalize a specific letter). Or you can use mathematical operation symbol to set your password like “5*5+5=30?Yes!”.

In addition, you can differentiate your passwords according to their security level. Passwords of bank and email are of the highest security level while passwords of social networking sites are the lowest. Do not use the same passwords for different security levels. For high security level passwords, they should not only be relatively complicated but also changed at regular intervals.

Conclusion

Why do people use simple passwords? It is because they have way too many passwords to remember. The international organization FIDO (Fast Identity Online) aims at making passwords disappear and letting people use voice, fingerprints and certificate signature to realize fast and secured identity validation without passwords. As a globally-trusted CA in the league of FIDO, WoSign CA has been devoting to the realization of fast strong identity validation through the application of digital certificate and allows netizens to get rid of the nightmare of all the passwords. However, most applications still need the protection of passwords, so we still need to handle it carefully.