If you just recognized 1q2w3e4r as your password and you are shocked that I called it out, you should be aware that you are not alone. Not only do I know this is your password but so does pretty much every hacker on the face of the earth. Your tricky keyboard pattern for a password isn’t as tricky as you thought after all.
It’s the beginning of 2017 which means all of the organizations that do research in the Information Technology security space are starting to release their statistics for 2016 and the lists of most common passwords found in data breaches.
For a person like me who talks a lot about these things and is working with government and industry to help fix the problem, this is where I gather a lot of my data. This information shows up in my blog posts, presentations, seminars and my rants to people that cross my path in person.
Let me start by saying what I have said so many times before, people are lazy. When I speak of this, I don’t mean in terms of a Netflix binge versus doing the dishes or leaving your grass to become a forest over the course of the summer. In this case I am specifically talking about the lack of effort people take to do the “simple” things that are required to protect themselves from identity theft and potential financial and personal hardship.
Yes, again I am talking about password management.If you don’t think it’s important, let me know how things are going after you have had your identity stolen.
Let’s review the four main points I always like to focus on:
- Use ‘reasonably’ difficult passwords. Click here for some help on this.
- Do not reuse passwords on multiple sites. If you are hacked on one site, you are hacked in them all. Ever notice your Amazon ID is your email ID? (hint hint)
- If you ignore item number 2, make sure that your primary email has it’s own unique password and not used anywhere else. Email is the doorway to your life. Same holds true for you online banking. Make those “special” and different from all others.
- If at all possible, enable some kind of two-step or second-factor login on your important accounts. Information on enabling this on your Google account can be found by clicking here.
I am willing to be somewhat lenient on number 4 because it does take a bit (not a lot) of effort and a little bit of understanding of how to link your phone or a USB device to your account, but number 1 and number 2 should be mandatory and number 3 should be written in law. Not taking the time to do these is essentially welcoming identity theft into your life. I can assure you that the time it takes to do these actions is far less than the years of hardship you may suffer if you become a victim of identity theft.
Also of note, if you don’t know where the 1q2w3e4r password in the title of this post came from have a look at your keyboard and type it out. Any form of simple pattern on the keyboard is right at the top of the list with hackers. Same holds true for QWERTY, QZWXECRV , `1234567890-= and many others.
In this hyper connected world you are already on the identity theft attempt schedule. If you have been clear so far, your number just hasn’t come up yet. I suggest you don’t assist the people that are trying to make your life a living hell that could take years to recover from, if ever.
Jamie Glennon
Safe Identity Canada 