Skip to content

Bad Passwords

Make your code hard to hack, easy to recall

En español  |  It has happened again: A hacker allegedly stole — and published — almost a half-million usernames and passwords from Yahoo this week.

This incident comes on the heels of a similar one at LinkedIn last month, when some 6 million user passwords were stolen.

Sign up for the AARP Money Newsletter.

letterpress password, avoid bad password yahoo thef


Don't use the word password as your password.

What's a computer user to do?  While you can never be completely secure, tech experts say you're less vulnerable if you have a difficult-to-hack password. Here are some things to keep in mind:

If "password" is your online password, you're in good company … and that's bad. As the single most popular log-in used to access online accounts, it's also the one most easily hacked by cybercriminals.

Changing the "o" to a zero — "pass-w0rd" — is not much better. It ranks as the 18th most common, according to SplashID, a company that produces password management software. And with more websites now requiring passwords to include both letters and numbers, you may think you're safe with "abc123." Think again. That password ranked fifth.

Some new trends have popped up in SplashID's analysis of millions of passwords. Joining the longtime "don't use" password "qwerty" — the top left letters on a keyword — is "qazwsx," a top-to-bottom sequence on the left. There's also increased use of common names. Officials, however, are baffled by the popularity of "monkey" and "shadow."

But what's clear is that using any of these passwords significantly increases your risk of identity theft. Although cybercrooks sometimes apply sophisticated hacking software, they're more likely to depend on the old-fashioned method: repeatedly trying common passwords to log into your account.

Here's how to make passwords harder to hack yet easier to remember:

  • Go long. Use at least 12 keystrokes. One study shows that a good 12-character password would take hackers more than 17,000 years to crack.
  • Mix it up. Use upper- and lowercase letters, spaces and underscores, and symbols like @ and %.
  • Finesse your favorites. For easier recall, base your passwords on foods you like, TV shows or first letters of a song, but with tweaks, symbols and conscious misspellings.

Whatever you choose, use different passwords to access online financial accounts, email, social networking and even to post comments on websites. Consider changing them every 90 days or so.

To gauge password protection, go to and select "Create Strong Passwords."

Sid Kirchheimer is the author of Scam-Proof Your Life, published by AARP Books/Sterling.

You may also like: Passwords in trouble.