In March 2019, a news said that, Why the password “ji32k7au4a83” and “au4a83” has appeared over a hundred times in the site Have I Been Pwned(HIBP)? – asked from an engineer from Los Angeles.
Actually, the reason is that the Taiwanese keyboard with the Zhuyin Fuhao layout, these mean “my password(我的密碼)” and “password(密碼)” in Chinese.
Started from this issue, how do you know if your password are safe enough?
In ITE2 NAS – NE-201, you need to create a password for the initial administrator account, but other accounts can use OAuth 2.0 authentication to access PDM by Google or Facebook account, so that these user don’t need to create a password. Reducing your password hacking risks and also you don’t need to remember one more password.
So, how should we create a secure password for the initial administrator account?
First, please remember these principles of creating a secure password:
- Create passwords that you would never forget.
For Safety, some people will use garbled password (such as D@Li3t5<, W4#T8s, …… and so on), but these passwords are hard to remember.
Therefore, people might write these passwords down in a notebook. This behavior would increase the risk of password leakage.
So, be sure to create the password that you would NEVER forget.
- Avoid using common word as passwords
According to welivesecurity.com, the top 25 worst passwords is including some common words, such as ‘123456’, ‘password’, ‘sunshine’, ‘admin’, ……and so on. So DO NOT using these words as password.
Additionally, the password “ji32k7au4a83” and “au4a83”we mentioned earlier are belong to common word, too. Because it would be hacked easily by the hacker that know the Zhuyin Fuhao layout.
- DO NOT use personal info as a passwords
Personal information is easy to remember such as name, family, pet name, birthday, telephone, ID number, ……and so on. However, If hacker found out your personal information, that also makes it easier for a hacker to crack them. Be sure DO NOT using them directly.
- DO NOT use a word or sentence as a password
Such as ‘apple001’, ‘idontknow’ and ‘letmein’, it would be cracked easily by using dictionary attack.
- DO NOT use the same password everywhere
We cannot trust all the websites are safe enough, if hackers get your password from one of these websites, they can use that password on all your accounts.
So we suggest that user should use different passwords for different websites, especially your email and bank account.
Then, how to design a secure password? We will talk in the next article.