Every year, the computer security company SplashData releases a “Worst Passwords” list, based on commonly used passwords found in lists leaked online by hackers. Coming in at the top two spots for the last three years? “123456” and “password.” You can see the entire list right here – it’s not a pretty sight.

The fact is, we all worry about sophisticated computer viruses installing themselves on our laptops and stealing everything on our hard drive, but the reality is that most so-called “hacking” comes about through old-school techniques – namely, guessing people’s way-too-easy passwords.

It’s not easy to keep track of passwords these days. One recent study found the average US computer user had 130 online accounts registered to their email address. Not coincidentally, that same average user had 37 “forgot password” emails in their inbox.

It’s tempting to make short, easy-to-remember passwords, like your dog’s name or your birthday, and to use the same one across multiple accounts. But as more and more of our lives go online, the havoc a hacker can wreak by getting hold of just one password grows larger and larger.

Here are three rules of good password security to keep your online life safe and secure:

  1. Use “strong” passwords.
    A strong password is long (at least 8 characters, ideally more), has a mix of letters, numbers and special characters and is not based on a real word or name. Hackers can easily use software to determine passwords that use common words with numbers substituted for letters (like “l1brary” or “b00klover”). Security expert Bruce Schneier recommends shortening a personally significant sentence into a password that will look meaningless to the average person (or computer program), but will make it easy for you to remember. For example, “My favorite novel is To Kill a Mockingbird” becomes “mfn!2KAmockingB”.
  2. Use unique passwords for each online account.
    Yes, the idea of maintaining a separate password for dozens (or hundreds) of online accounts is extremely tedious. (We’ll talk about how to deal with that in a little bit.) But no password is completely uncrackable, and if the worst case scenario does happen and someone gains access to one of your accounts, you don’t want to give them access to the rest of your online life. It’s like losing your house keys; you may have to get new deadbolts, but at least your car, workplace and safety deposit box are still safe.
  3. Use a password manager.
    Using an online password manager – a piece of software that stores and retrieves all your passwords, and can be unlocked with one master password – may seem counterintuitive. Isn’t putting all of your carefully maintained passwords into one computer program just asking for trouble? However, most computer security experts recommend using a reliable password manager, as it makes users more likely to use strong, unique passwords. You can find a recent roundup of password managers at PC Magazine’s website.
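
The short Python script below is an added example, not part of the original article. It checks passwords against rules 1 and 2 above and shows why number-for-letter swaps like "l1brary" do not help: reversing them takes one line. The word lists, substitution table and function names are constructed for illustration.

```python
# Constructed sample data for illustration; a real check would load a large
# leaked-password list and a full dictionary instead.
COMMON = {"123456", "password"}                # the two the article names
WORDS = {"library", "booklover", "password"}   # tiny stand-in dictionary

# Two substitution tables because "1" can stand for either "i" or "l".
_BASE = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}
TABLES = [str.maketrans({**_BASE, "1": one}) for one in ("i", "l")]


def undo_substitutions(password):
    """Return the lower-cased password with digit/symbol swaps reversed."""
    lowered = password.lower()
    return {lowered} | {lowered.translate(t) for t in TABLES}


def check_password(password):
    """Return the list of rule-1 problems found (empty list means none)."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if password.lower() in COMMON:
        problems.append("on the common-password list")
    if any(w in cand for cand in undo_substitutions(password) for w in WORDS):
        problems.append("based on a dictionary word")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no numbers")
    if all(c.isalnum() for c in password):
        problems.append("no special characters")
    return problems


def reused_passwords(accounts):
    """Rule 2: map each password used on several accounts to those accounts."""
    by_password = {}
    for account, password in accounts.items():
        by_password.setdefault(password, []).append(account)
    return {p: sorted(a) for p, a in by_password.items() if len(a) > 1}


if __name__ == "__main__":
    for pw in ("123456", "l1brary", "b00klover", "mfn!2KAmockingB"):
        print(pw, "->", check_password(pw) or "passes")
    # Constructed account list: the same password on two accounts.
    print(reused_passwords({"email": "b00klover", "bank": "b00klover",
                            "shop": "mfn!2KAmockingB"}))
```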

Password security is not the most exciting part of being online, but taking a few precautions can save you a lot of headaches later on.

For further reading, check out these articles from Johnson County Public Library’s MasterFile database:

These are the 25 Worst Passwords of 2015

How I Cleaned Up My Passwords in 5 Weeks

Hack-Proof Your Passwords.


Davin is the Virtual Branch Manager at JCPL. He may own more electronic gadgets than he cares to admit, but he’s an old school librarian at heart. Davin believes technology should make life easier, not more complicated. Connecting patrons with the tools that can help them get more done, learn more and have more fun is his passion.

Join the conversation at davin@jcplin.org.
