Passwords… can’t live with them, can’t live without them

Yossi Amara


In today’s tech-driven world, passwords have become part of our everyday lives. There’s no getting away from them, but when it comes to creating your passwords, there are several questions that you should always ask yourself:

1. Is my password strong enough?

2. Is it an effective password? Does it do its job well?

3. Is it safe for me to use the same password on multiple sites?

4. How can I remember so many different passwords for so many services?

These are all reasonable questions and I hope that after reading this post you will have some of the answers.


According to CSID’s ‘password habits’ survey (September 2012), 61% of people reuse the same password on multiple websites and 54% of consumers have only five passwords or fewer.

In fact, SplashData recently posted a blog that listed the 25 most common passwords and worst offenders. This list took its influence from the major security breach suffered by Adobe, in which 38 million accounts were compromised. Here are the top 10. Any of these look familiar?

Rank  Password
1     123456
2     password
3     12345678
4     qwerty
5     abc123
6     123456789
7     1111111
8     1234567
9     iloveyou
10    adobe123

Let’s put this into context. When you calculate risk, you take into account the probability of something happening and the impact it would have if it were to happen. This is simplifying it somewhat, but in basic terms this calculation will provide a risk level. So when you take the fact that 61% of online users are adopting the same password(s) across multiple websites, in some cases choosing commonly used passwords, and multiply it by the increasing number of data security breaches over the past 3 years, it becomes clear that the resulting risk could be problematic. So what can you do to help keep your personal data online secure?


Tips for Creating a Strong Password:

The best way to create a strong password is to create a unique password, without any logic or link to other passwords. However, with so many passwords required this is sometimes a difficult approach to follow, so I suggest something in-between. The resulting password will be complex and long enough to be effective, but a good deal easier to remember.

Step 1: Choose a sentence – The Sky Is Amazing And Blue Today

Step 2: Take the first letter of each word: “tsiaabt”

Step 3: Now add a symbol, like $, and add it where it makes most sense for you, so your password could be: “tsiaabt$”

Step 4: Choose a number, let’s choose 15, and add it. So the password is now: “tsiaabt$15”

This will now act as the master password, which can be adjusted as per each of the online services that you use.


For example, let’s take Facebook:

Step 1: We will take the first two letters “FA” and the next-to-last letter “O”. Note that these letters are all in capitals, unlike our master password, which is lower case.

Step 2: We will then take the two letters “FA” and add them to the start of our master password.

Step 3: Finally we will add the “O” one letter before the last character of the master password. So for Facebook your password would look like this: FAtsiaabt$1O5

The result is a password that is 13 characters long and of high complexity.


A Few Things to Note:

– If someone finds out your master password and/or understands the logic you used to create it, you will be at risk. So always keep your password and method to yourself. Also, the password created in this post is simply an example. You must find your own starting sentence and create your own unique master password and password variations.

– For financial services and your bank accounts it is advised that you use different passwords created with different logic. If you still decide to follow the master concept, then please choose a different starting sentence and resulting master password.

– Last but not least, if the online service offers two step verification as a security enhancement, it is wise to use it.
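
The scheme above as an added Python sketch (not code from the original post; the function names are hypothetical, and the symbol and number are appended at the end as in the post's example). It also shows why the first note matters: the site-specific letters come from the site's public name, so one leaked password plus knowledge of the rule exposes every other variation.

```python
from typing import Dict, List, Optional


def master_from_sentence(sentence: str, symbol: str, number: int) -> str:
    """Master steps 1-4: lower-case initials, then the symbol, then the number."""
    initials = "".join(word[0].lower() for word in sentence.split())
    return f"{initials}{symbol}{number}"


def site_password(master: str, site: str) -> str:
    """Site steps 1-3: first two letters of the site name in front, its
    next-to-last letter inserted before the master's final character."""
    if len(site) < 3 or len(master) < 2:
        raise ValueError("site name or master password too short for this scheme")
    prefix, marker = site[:2].upper(), site[-2].upper()
    return prefix + master[:-1] + marker + master[-1]


def strip_site_marks(password: str, site: str) -> Optional[str]:
    """Reverse site_password(): return the master password if `password`
    follows the scheme for `site`, otherwise None."""
    prefix, marker = site[:2].upper(), site[-2].upper()
    if len(password) < 5 or not password.startswith(prefix) or password[-2] != marker:
        return None
    body = password[2:]
    return body[:-2] + body[-1]


def exposed_by_leak(leaked_site: str, leaked_password: str,
                    other_sites: List[str]) -> Dict[str, str]:
    """Self-audit: which of your other passwords fall if one site's copy leaks
    and the rule is known. An empty dict means the leak does not fit the rule."""
    master = strip_site_marks(leaked_password, leaked_site)
    if master is None:
        return {}
    return {site: site_password(master, site) for site in other_sites}


if __name__ == "__main__":
    # Values taken from the post's own worked example.
    master = master_from_sentence("The Sky Is Amazing And Blue Today", "$", 15)
    facebook = site_password(master, "Facebook")
    print(master, facebook, len(facebook))
    # "Twitter" is a constructed second site, used only to show the exposure.
    print(exposed_by_leak("Facebook", facebook, ["Twitter"]))
```
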


It is also worth noting that today there are several password manager tools (post by Dark Reading) available on the market that will help you securely store your passwords. That said, it is crucial that you make the password to this service as strong as possible. The easier the password is, the less time it will take a hacker to crack it. This is the password to your safe, so choose it wisely. In addition, many of these password manager tools can be used to define a password for you. You won’t necessarily know the password and will use the password manager tool to log in to the system; this is good practice if you require a very hard and complex password, e.g. N9}>K!A8$6a23jk%sdf23)4Q[uRa~ds{234]sa+f423@.

The above are all steps that I would advise you to take and whilst they won’t provide protection in a case whereby your vendor doesn’t secure your password properly, they will definitely make it much harder for the hackers out there.






Yossi Amara (CCISO, CRISC), VP of Information Security, joined Outbrain in January 2014 from Conduit. A seasoned Security veteran with...


  • Eric | June 18, 2016 at 10:10AM

    You said the password management tools can be “sued”. I think you meant “used”.

