I’m having a bit of a row with Garmin at the moment. They’ve decided to change their password policy, upping their complexity requirements so that they now require uppercase as well as lower case and a number. This is not a step forward. It means I have to change my password on a variety of PCs, tablets, phones and other devices to one I am less likely to remember, while delivering almost no measurable increase in actual security. See here for more detail.
So here I am, militating for passphrases, telling you how to salt your passwords and otherwise protect your personal information, and generally worrying about next-level security. And then I read this: https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
The top 5 passwords of 2016? 123456, 123456789, qwerty, 12345678, 11111.
You deserve to be hacked. All of you. And, frankly, Garmin are probably right after all. Password01 (which complies with their useless complexity rules) isn’t even in the top 25. Although it’ll be in every rainbow table ever made, of course.
No wonder everyone’s adding secret questions, asking for your mobile number or trying sort-of two factor authentication. If those are the best passwords you can come up with, we really are in trouble.