Part One: Why Your Passwords Are Hackable

This post is Part One of Three. Part One will discuss passwords and password formulas and basic hacking. Part Two will talk about the most used (not the most common) pet names. Part Three will show you how to make a good password that you don't have to remember.

As much as you have read that you shouldn't use your passwords more than once, it's human nature. Everyone does it.    

By the time you are done reading all three parts, if you don't want to change the passwords that you use on your websites, then we can only assume that:

• you feel 100% safe because you have chosen the perfect passwords OR
• you already use your passwords only once, OR
• you are lazy, OR 
• the job is too big because of how many passwords you have to change, OR
• you don't care about your online security

Hackers are able to hack so many accounts
 because users choose weak guessable passwords

When users think that their chosen password is the absolute best password ever that no one will ever guess, this makes them feel so secure so that they are more likely to use it on more than one website.  

The longer they go without an intrusion or a hacking scare, the more likely they are to not change them for long periods of time because they assume if nothing bad happened all this time, then there is no reason to change their passwords.  

  
The Top Reasons Why People Re-Use Passwords

People re-use passwords for a variety of reasons, the most common one is that it's easy to remember.  The average online user:

• changes their password every three to five years 
• will not make up a new password and instead will re-use one that they have used in the past
• often keeps a list of five or more passwords they have used for years and they recycle them whenever they change their password  
• likes to pick a new password from something old, something that is familiar

Humor us and take a look at these lists of passwords and password formulas. 

If your password (or a variation of it) is on any of the lists, and if you have used it on more than one website, then you seriously need to consider changing it or, at the very least, enhancing it to make it stronger.  


These lists are commonly used passwords as defined by experts which are the most hackable.  We admins have seen these passwords used by hacked accounts that we have helped to recover.


In no particular order, both with or without capitalization and with or without a mixture of numbers, letters or symbols:

Examples of Bad Passwords

• the word "password" in any format
• username or myusernameis
• 00001234
• yournamehere
• password123456
• qwerty 
• letmeinnow
• asdf_jkl; 
• numbers in sequences:  987654321 or 123456789
• abc123
• dragon
• admin1234
• starwars
• helloitsme
• mypasswordis
• JFK11221963
• 11111111
• charlie tuna
• youvegotmail
• barack obama
• the word "welcome"
• donald trump
• mactheknife
• facebook1234
• hilary clinton
•  q1w2e3r4t5y6 
• abcdefg or abcd1234
• the words "iloveyou"
• the words "your name here"
• 
  

Examples of Bad Password Formulas  

• city of birth (belonging to you or a family member) and a birth year
• a pet's name, no matter if it is your pet or not
• your first, middle, maiden or divorced name or an immediate family member
• your child's name - first, middle or last
• a favorite sports team's name or mascot's name
• dates that are important to you with or without a year - an anniversary, a birthdate of you, a child, a spouse, pet's birthdate, a relative's death date, a graduation date
• a favorite holiday of the year
• a favorite vacation spot
• your honeymoon destination
• your present city
• a present or former street address of yours or a close family member 

Geez, I guess you're thinking that there's nothing left.    

There is, but you have to put on your thinking cap.  

Before we go further, we want to point out the obvious and that is how a hacker gets any of the above information in the first place. 

As much as we don't like to blame the distraught Facebook user who has been hacked, it's usually his own fault that he has been hacked because of his privacy settings, or lack thereof. Leaving personal information exposed - like a present city of residence, locations of past schools jobs -  these give the hacker enough information to steal the user's whole identity.  

Remember: Facebook doesn't "need" to know where you went to school, where you work, and the names of relatives, which by the way, they connect to you with 'live' links to their Facebook accounts.  Facebook will ask, but they don't need it.    

So take a look at your Facebook settings, and hide or remove any information in the bio, introduction, "about" section, timeline posts, and comments that provide personal information so that a hacker can pick you out among a list of people with your same name.  

How People Find You

When anyone wants to know information about you, the first thing they usually do is check to see what you have exposed on social media. They will check for accounts on Facebook, Instagram, Tumblr, and other social media accounts.  Then they will type your name in Google's search box with your zip code or city.

You would be amazed at the wealth of information in the search returns.  Sometimes there's stuff you thought no one knew because you kept it private.  

The results also give them links to your social media accounts and any websites or blogs you might own, have contributed to, wrote as a guest blogger, or left comments.

There is one site, Radaris dot com that provides far too much information, including your current phone number and email address. Their terms of service states that the info can only be removed from their site by you after you prove your identity to them.  

A word to the wise.  You might be motivated to follow their process to prove your identity because your eye is on the prize of having your information removed from their website.  But you have to keep in mind that these websites also sell information which means you don't know how many times your info has been sold or how many sites already have it.  

Don't get conned by believing they will remove your information from their site because sometimes the hoops you have to jump through to get them to do that are not worth it.  I looked into it to see what they would require as proof and I chose not to follow through because proving my identity meant uploading my photo driver's license. That is the one piece of information you should be guarding with your life because it irrevocably links your information to the picture on Google and other search engines as well as facial recognition programs.

Since the photo driver's license was one piece of information I pretty much knew they did not have, I wondered what they would be comparing it to in order to verify my identity.  

So guard it with your life and don't give it to any website so they can further link you to their search results or sell it as a "premium" with other information.

Besides, if they do remove your information from their site, there's no guarantee they won't put it back on their site again, so tread lightly.

Within the search results, there are always advertisements but they are usually advertisements with an ulterior motive.  While most users skip over the ads, sometimes there's a fact in one of the ads that might catch your eye enough to raise your curiosity.  That's because the ads are geared to show certain key facts about you that are absolutely true, to persuade a user to click on it to investigate. Nine times out of ten, it is a con, but most people are curious and will click on the  ad.

Once you do, the webmaster or website moderator can see who you are, where you are located and all the information that is attached to the account you are using.

If you are new to their website, a login box will popup to ask you to create an account. It goes directly into their database and is compared against any info about you that they already have and if they see anything different, they will use it to update their records.

This is another reason why we always teach that you should Google yourself once or twice every month to see what Google is telling searchers about you.  If there are any surprises, you might be able to take action.


After the ads, the rest of the results will include tracking sites like ancestry.com, truthfinders.com, radaris.com, and intellius.com.  These sites provide a lot of information about you and they didn't even have to hack you to get it. It is all available online for free - compliments of the Freedom of Information Act (which in our opinion is one of the worst infringements on our privacy). 

This law allows anyone to see key details about your life such as your credit rating, important dates like birthdates (with or without the birth year) email addresses, former residences, etc. for not only you but sometimes your immediate family members too, your past and present employment, schools attended, and graduation years, if you have a mortgage and with whom, etc. 

This law is how most of those sites collected your information so they could use it to populate their websites. Without it, they'd have to resort to other tactics to gather the information or they wouldn't have a website anyone would want to use. 

The search results from Googling your name are similar to the information that we showed above for a password formula:

• your birthdate, some portion of your social security number with the rest "blacked out;"  
• any other names you now use or have used in the past, your credit rating, dates like birthdate or just the birth year, your schools and graduation years, your mortgage company, if you have a car loan or lease and whom you pay;
• your marriage and divorce date;
• names and/or birthdates of your children, their ages, their names and addresses of spouses or significant others where they have had mail sent to their addresses;  
• your former and present phone numbers and mailing addresses; (Two sites have a list of all your neighbors, their addresses and their phone numbers)
• your former and present employment including dates and addresses;
• if you are affiliated with any websites.

A hacker doesn't need all of the information found in search results. He can target his next victim with minimal information such as:   

• your birthdate OR
• a phone number (as seen on your Facebook account)
• your present location with or without an actual street address (a zip code or city is enough) OR
•  the name and location of your high school.

All hope is not lost. You do have some options to protect yourself which we will explain in the next two parts of this series.  

Please share our link with your friends so they can enjoy our websites too. Thank you for stopping by. 

Part Two: Most Used Pet Names Passwords

This post is Part Two of Three. We will discuss the use of pet names as passwords and give you a list of the most used pet names. 

Many people use their pet's name, or some variation of it, as their password.  When they change their password, they stay "with the theme" which means they keep using their pet's name but may change it slightly, for example, adding symbols or numbers to the name.  t 

There are users who keep a short list of "My Frequently Used Passwords" so when they change their passwords, all they do is rotate or shuffle them so that those are the only passwords that they ever use.   

We all love to show pictures of our pets on our social media accounts, especially when they do funny things.  But using a pet's name as part of your password is not the best idea, especially if you mention the pet's name when you are flashing their pictures.  

An alternative is to add numbers and symbols to make the password harder to hack which is good, but in some cases this is also not the best solution because people tend to add 12345, or their address, their phone number, birthdate, pin number or other significant number.

Don't do that.


The following list is not a list of the most common names that people name their pet.   It is a list of pet names that are most used as passwords and are also the most hackable. 

It's a happy day when a hacker has guessed a password

If your pet's name is on the list, you should consider not using that name anymore and make a different password.  We'll give you some more examples in Part Three. 

In alphabetical order, the most popular pet names used as passwords are:

• Apollo
• Atticus
• Baby or Babe
• Bailey
• Bandit
• Bear
• Beau
• Bella
• Benji or Benjy
• Benny or Bennie
• Biscuit
• Blade
• Brady
• Brandy
• Brutus
• Bubba
• Buddy
• Buffy
• Buster
• Butkus
• Caesar
• Cat 
• Champ
• Charlie
• Chico
• Chloe
• Cinnamon
• Coco
• Cookie
• Cooper
• Cowboy
• Daisy
• Dakota
• Diesel
• Dog or Doggie
• Dollar
• Dolly or Dollie
• Drax
• Duchess or Duchy
• Duke
• Elvis
• Fido
• Fred or Freddie
• Ginger
• Gizmo
• Gracie
• Gunner
• Harley
• Harry
• Izzy
• Izzy
• Jack
• Jake
• Jaws
• King
• Kitty
• Kono
• Lady
• Ladybug
• Lex
• Lily
• Logan
• Lola
• Lucky
• Lucy or Lucie
• Lulu
• Luna
• Maddie or Maddy
• Maggie
• Manny
• Max
• Maya
• Micky 
• Midnight
• Milo
• Minnie
• Missy
• Misty
• Molly
• Monk or Monkey
• Muffin
• Oliver
• Oscar
• Peanut
• Pearl
• Penny
• Pepe
• Pepper
• Plato
• Prince
• Puff or Puffy
• Queen or Queenie
• Quinn
• Ranger
• Raven
• Rocco
• Rocky
• Romeo
• Rover
• Roxy or Roxie
• Rusty
• Sadie 
• Sam or Sammy or Samantha
• Sandy
• Scooter
• Scout
• Shadow
• Sheba
• Simba
• Smoky or Smokey or Smokie
• Snow or Snowy
• Sophie
• Spike
• Stella
• Sugar
• Sully
• Sushi
• Sweetie or Sweety
• Taco
• Tank
• Teddy
• Tiger
• Tigger
• Tracker
• Truck
• Tucker
• Widget
• Willie
• Yugo
• Zeus
• Ziggy
• Zoe or Zoey

 Is your pet's name on the list?  

Continue to Part Three where we will show you how to make a good password that you don't have to remember.

Please share our links with your friends so they can enjoy our websites too. Thank you.

Part Three: Making Passwords You Don't Have To Remember

In Part Three, you will learn how to make a good password with a little trick to do so that you don't have to remember it.    

How to make a good password 

Tracking Visitors

Many websites track their visitors in some way, but it is usually confined to their activity while on their website.  You'll know this is true when you see a banner or sidebar box showing the products or topics you just viewed, or when you get an email that you left an item in your cart that you chose not to purchase, or that the product was all of a sudden reduced in price.

Some sites slip extra permissions in the clauses of their terms of service (TOS), which most people don't read.  They'll say by accepting the TOS that you are giving them access to your friends list. If they don't tell you this up front, you'll find out when your friends say they are getting many more popup and sidebar ads.  It's all legal, as long as each visitor accepts their terms of service.

A strong password is not going to help you on those kinds of websites.  The best you can do is to leave the site as soon as they tell you they want to access your friends list or if their TOS requests or permissions goes beyond the scope of using their site.  

It is almost impossible not to accept cookies but you can and should customize your preferences and restrict their access to the least amount of your personal information.

How Did They Know That?

Some websites want their new visitors to create an account. When they come back on their next visit, usually they are required to verify their identity using multiple-choice security questions. The correct answer will always be one of the choices and the website will know if you select the wrong answer because they only choose questions with answers that are already public information, like the year/model/ or color of your first car; the street you lived on in a particular state; or the name of your grade school.  

Just know if they used public information for their security check questions, then even an amateur hacker knows that information too and can hack your account in a heartbeat. 

Passwords are also tracked on many websites. To remember screen names and passwords, many people tick the "Remember Me" box.  It really is so easy - too easy  - because if your computer is remembering your login information, then so is the website.  How else will they know if you entered the correct login information?

Make It Long and Strong

A hacker assumes that you re-used the same password, or a variation of it, from site to site. Stop doing that because you are making the hacker's job very easy. The one thing that will make a hacker move on to other victims is if he has to waste too much time trying to crack your password.   

Internet security experts say that the best passwords are between 18 and 26 characters long, with a combination of upper and lower case letters, sprinkled intermittently with numbers and symbols. Don't use a real word as any part of your password. If you do, then mix it up by inserting numbers and symbols after each letter.  

If you use a short personal password that defines you, think about which of your friends and associates know that about you too. Then go change it to something else.

Your password box on each login screen shows an asterisk for each letter or number which tells the length of your password. If a hacker sees a lot of asterisks, he will know your password is a combination of random letters and numbers, will give up, and find someone else to hack. 

Hacking is a time-sensitive activity. He must get into your account, steal it and get away as fast as possible. 

Choosing Passwords

The most common passwords are the names of your pets, so it should go without saying that you should never use the names of your pets as a password on any website and certainly not on multiple websites.  It's too easy to forget that you mentioned their names on a photo, or you talked about them on a blog, or in a comment on Facebook. 

A hacker who figures out one password for one of your accounts will keep trying it because he hopes you used it on other websites too.  Don't give him that satisfaction; use different passwords.  If you must use familiar names and passwords, then add digits or symbols up to 26 characters.

Most people generally have a harder time choosing the beginning of their password, but adding numbers and symbols seems to be much easier.  

So you might be thinking "How will I ever remember so many different passwords?"

There's an app for that! 

In the early 2000s, the advice to remember passwords used to be to make up a sentence so the first letter of each word corresponded to each character in your password.  The sentence idea wasn't the best because people who couldn't remember a password were expected to remember the sentence they used for each site.

Gone are the days when you had to write down your passwords in a notebook, or forward your newest change of password to your email for safekeeping, most likely put in a dedicated folder. 

By the way, keeping your passwords in one of your email folders is not as safe as it used to be because emails tend to get hacked much more often than Facebook accounts.

The best way to remember your passwords is to let something else do the remembering for you - a password manager.  

Some people shy away from this idea because they don't understand how they work or they don't want to learn something new.  You will see that password managers are easier to use than you might think.

Password Managers 101

Anyone who has been hacked in the past may think they need to buy an expensive password manager, but it really isn't necessary. 

Some add a few bells and whistles to make them more attractive or to validate their price. Some have built-in password generators to offer stronger passwords. Others protect your credit card and bank account numbers by offering encryption.

Today's most popular internet security measure is requiring two-step authentication where a code is sent to your email or cellphone before granting access to your information. This only works well if you have the same cellphone or email at the time they send the code.  

We know one guy who set up his Facebook account with one phone number and ten years later when someone reported him so that his identity was called into question, the code was sent to a phone he no longer owned. He got his account back by answering security questions.  

We know a gal who was locked out of her Facebook account because it was hacked. The phone number and security questions were no longer valid because the hacker changed them when he took over the account. She had to make a new Facebook account and try to get back hundreds of friends.

So for the two-step authentication to work, you have to change the information each time you get a new phone number or email address.

For purchasing password managers, the prices range from free to $100 and some are sold by yearly subscription. By the way, if you have a Norton virus protector, one of the features is a Password Vault which is free with your Norton purchase.

We don't like to wait for a code to get access to our information so for us, a password manager has to be simple and free.  We don't think that paying for one makes it function any better. It either works or it doesn't. Your money isn't going to make it work any better.  

The main idea is to keep all your "different" passwords in ONE place guarded by ONE master password. 

So the first thing you'll need to do is to make one really terrific master password, preferably using 26 characters.  After that, every time you create a new account or change a password, you will be prompted to save the login information to your password manager.  

Which password manager you use depends on what you want it to do, how easy it is to use, and the way you want to access your passwords.

Review of Password Managers

In no particular order, here's a little info about the most popular password managers.  

CHROME

 

If you use CHROME web browser, you don't need anything else. 

The Perks:  it has a built-in password manager that prompts and remembers your passwords as soon as you type them. All you have to do is sign-in to CHROME with ONE password. Then when you go to any website, your password will be auto-filled.

 

Another advantage of using CHROME is that your password manager and your bookmarks are available across all your devices as long as you are signed in to the same CHROME account. 

 

The only downside is if more than one person uses your device, they will already be signed in to your CHROME and can access your password manager.  So if you are the only user of your device, CHROME is a good choice. The link gives you step-by-step instructions. 

LASTPASS

LASTPASS

LASTPASS is a password manager and password generator.  There are extensions available in your App stores for Chrome, Firefox, Edge, Safari, Opera, and Microsoft.  

The Perks: It has two-factor authentication, automatic password capture as soon as you create a new password, auto form-filling, and a separate Secure Notes feature that stores bank account and social security numbers, etc.  As with all password managers, you have to create an account.

Keeper

Keeper Password Manager

Keeper is available for Windows, Linux, MacOS, Android, IOS and has extensions in your App stores for various web browsers.  

The Perks:  Unlimited passwords, storage of your payment details and a built-in auditing tool that alerts you when passwords are used more than once, or if a password is particularly weak and needs to be made stronger.

Symantec Norton Identity Safe

Norton Password Manager and Generator

You don't have to buy a Norton Anti-Virus to get the Symantec Norton Identity Safe password manager because it is free in your App Store. It is both a password manager and a password generator. 

 

The Perks: besides the security of having Norton's name on it, this password manager and password generator helps you to make strong passwords using prompts. It has a Safe Web feature to alert you to malicious web pages and an automatic password prompter to change a password whenever it is used on more than one website.   You can either download the program or go to your Extension store to add it as an extension.

Enpass Password Generator

Enpass 

Enpass supports these operating systems: Windows, Mac, Linux, IOS, Android, Chrome OS, and about seven others. 

There is a pay version, but here are the Perks for the free version:  Offers cloud backup, fingerprint support, password generator, web form autofill, and data import. It has separate vaults for personal, work, and family passwords.  

The downside:  Enpass limits storage for Android device users to 20 passwords, so if you are a heavy website user, you might want to skip this one.

LogMeOnce Password Manager

LogMeOnce 

LogMeOnce password manager has a free and a paid version. 

The Free Perks:  Gives emergency access to photos only. There is a kill switch for wiping off data stored on any device that is stolen, and a secure wallet for storing credit card and banking information. 

An automatic password changer prompts you to change passwords at timely intervals. LogMeOnce also allows you to add a person as a beneficiary who can take control of your account if something happens to you.

True Key (owned by McAfee)

True Key Password Manager

True Key password manager supports Windows, MacOS, IOS, and Android. It supports CHROME, Firefox, and Edge web browsers.  

The Perks: You can sign in using 1) a password, 2) facial recognition, 3) fingerprint , 4) Windows Hello, or 5) two-step authentication. 

 

You aren't required to have a master password if you use two-step authentication. It has a password generator to help you make stronger passwords, a digital wallet to store financial information, and it encrypts your login credentials if you use the manager on more than one device. 

 

The downside:  The free version only allows you to save 15 passwords, while the paid version allows you to save unlimited passwords.  So if you have more than 15 passwords to store, True Key isn't for you unless you want to pay for it.

 

Dashlane

Dashlane Password Manager

The free version of Dashlane password manager stores 50 passwords but only for ONE device. You will need to put a separate Dash Lane password manager on each device.

 The paid version (about $5/month in 2019) allows access on unlimited devices, an unlimited number of passwords, cross-syncing, and cloud backup. 

The Perks: Dashlane is available for Windows, Mac, IOS, and Android operating systems. It has a strong password generator tool to help you make the best passwords, and emergency contact option if you forget the master password. Dashlane uses Secure Notes to store bank and credit card information. 

The downside: the free version is only for one device, so if you only have one device, this is a good choice.

We know this three-part tutorial was a lot of information to digest at one time, so please read it over once, then come back later for another read.  We hope this tutorial will discourage you from using the same password on multiple websites.  

Please let us know how we are doing in the comments.  Thanks for stopping by.