SINGAPORE - An analysis this month of 15.2 billion passwords from publicly leaked data breaches, carried out by cyber-security news site CyberNews, found that "123456" was the most common password people use.
More complex passwords matter though, experts say.
This reporter randomly punched some numbers and letters on his keyboard and came up with "d8Gw4hU6Vddf". The Cyber Security Agency of Singapore (CSA) website's Password Checker estimated that it will take 400 years for cyber crooks to crack it.
A shorter version with six characters, "d8Gw4h", is projected to be cracked in a day.
Here is a strong password checklist by CSA:
• Use at least 12 characters.
• Use at least a character each from three of the following categories: upper-case letters, lower-case letters, numbers and symbols.
• It is random and does not have an obvious pattern, like replacing a letter with a number or symbol, such as "P@ssw0rd".
• It does not contain any personal information like your name, NRIC and birth date.
• It is easy for you to remember but difficult for others to guess. For instance, pick five or more words related to a memory unique to you, such as "LearnttoRIDEabikeat5" (but avoid anything previously made public, including examples listed here).
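The checklist can also be checked automatically. The sketch below is an added example, not CSA's Password Checker or its method; the function name, the small list of common passwords and the character-swap table are assumptions made for illustration.

```python
import re

# Constructed sample of widely used passwords; a real checker would load a
# much larger list built from breach data.
COMMON = {"123456", "password", "qwerty", "letmein", "iloveyou"}
# Examples printed in this article are public, so they are rejected too.
PUBLISHED = {"d8Gw4hU6Vddf", "LearnttoRIDEabikeat5", "P@ssw0rd"}
# Typical character swaps, undone before comparing with COMMON.
UNLEET = str.maketrans("@4301$5!7", "aaeoissit")


def check_password(pw, personal=()):
    """Return the checklist items that pw fails (an empty list means none)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    # Upper-case, lower-case, numbers, symbols: at least three must appear.
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        problems.append("fewer than 3 character categories")
    # Compare both the raw and the swap-reversed form, so "P@ssw0rd" is
    # recognised as "password" and plain "123456" is still caught.
    lowered = pw.lower()
    forms = (lowered, lowered.translate(UNLEET))
    if any(word in form for word in COMMON for form in forms):
        problems.append("obvious pattern based on a common password")
    if any(item and item.lower() in lowered for item in personal):
        problems.append("contains personal information")
    if pw in PUBLISHED:
        problems.append("previously made public")
    return problems


if __name__ == "__main__":
    for candidate in ("d8Gw4h", "P@ssw0rd2024!!", "vT7#qLm2Zr9!xK"):
        print(candidate, "->", check_password(candidate) or "passes")
```

A check like this covers only the rules that can be tested mechanically; it cannot tell whether a password is truly random or easy for its owner to remember.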
Other useful password tips include creating unique, strong passwords for each of your online accounts, said Mr Ryan Flores, a senior manager at cyber-security firm Trend Micro.
This is because if one online account's log-in details are stolen, they cannot be used to access other online accounts when the passwords are different.
If the password is strong, CSA said you will only need to change it once a year.
Mr Serguei Beloussov, founder of cyber-protection firm Acronis, said that password managers can help manage many passwords for different online accounts.
One big password sin is that many people save passwords on their phones, he said. If they use their phones on less secure public Wi-Fi networks, crooks could hack into their phones to steal the passwords. Another issue is writing passwords in notebooks that can be lost or stolen.
And whenever you can, enable two-factor authentication for online accounts, said Mr Flores.