Given how much havoc a malicious hacker can wreak after getting a single user's login information (especially if the user happens to have elevated privileges on a corporate network), SplashData's list should serve as a keen reminder to IT admins of the importance of strong password policies. Per InfoWorld Security Adviser Roger A. Grimes, not even a complex six- to eight-character password -- that is, one composed of letters, numbers, and special characters -- will suffice in today's increasingly penetrable cyber world.
One of the challenges of complex passwords is remembering them, which explains at least part of the reason so many users gravitate toward simple strings. Security experts recommend a handful of password-creation strategies that make the task easier and that admins could pass on to users.
For example, users could combine phone numbers and street names from their past into a single password, swapping in special characters and capital letters for good measure. If your childhood phone number was 987-3671 and you lived on Westhaven, you could come up with a password such as 987wEst+havEn3671.
Beyond requiring strong passwords, organizations and users also need to cut down on password reuse -- that is, using the exact same password for different personal and work accounts.
One other point: Developers who have dragged their feet in encouraging or at least allowing users to employ complex passwords should reconsider and recode, as necessary. Users, whether customers or employees, may not be immediately thrilled with having to think of a password that's harder to remember than "111111." In the long run, it's better for the user and your organization if you have strong passwords protecting your apps.
This article, "Stop using these 25 passwords today," was originally published at InfoWorld.com.