Weak Passwords Give Hackers The Key To Your Data

PITTSBURGH (KDKA) - Necessary to our cyber health but the bane of our electronic existence: passwords! No sooner do you have one you really like and feel secure with than the computer is telling you it's time to change it again.

"There is scientific evidence that if we are annoyed about changing our password, we will create a password that's easier for a hacker to guess," says CMU Cylab security expert Dr. Lujo Bauer.

That's why "you find lots of passwords like 'password,' 'password 123,' and 'princess 12345678.'"

During a recent sampling of users, people told KDKA they use everything from family and pet names to celebrities and old phone numbers as passwords.

Dr. Bauer says, "The kind of mistake that people make most often is they assume they specifically will be targeted by a hacker, and then they choose as their password something they think the attacker won't know about them."

He says the reality is that the "hacker" is usually a sophisticated computer system trying millions or billions of combinations in a flash. Those tries, he says, will include every possible pet name, personal name, city, country, and number. And he says they are not attacking your personal computer.

"What happens is the attackers successfully penetrate a computer system where you have a password, like a retail site online, and they steal all the passwords from that system," Dr. Bauer says.

As a result, Dr. Bauer says that to be as safe as possible you should do the following:

1) Use a different password for every account.
2) Use upper and lower case letters, numbers, and symbols.
3) Mix up the characters so numbers and capital letters are spread throughout the password.
4) The perfect password would be a totally random selection of 32 characters. But since most people won't do that because it's impossible to remember, 12 or more will work.
5) Use a password manager that can be easily downloaded. The password manager will assign a different password for every account and often automatically fill them in as you move from account to account. (The passwords are encrypted so they will appear as gibberish if a hacker should get into your system.)
6) Do not "save" passwords when prompted on social networking, banking, retail, or email accounts.
7) While some systems will prompt you to change your password on a regular basis (and not give you a choice), Dr. Bauer says he only changes passwords if he's had to use them on a computer he does not trust.
8) Never use one of your passwords on a hotel business center computer.
9) On cell phones, make sure the numbers of your passcode are totally random.
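To put numbers behind items 2 through 4 (why a random 12-character password using all four character classes holds up against a cracking rig while "password123" or a pet name does not), here is an added Python example. It is not from the article or from the CMU researchers; the guess rate, the small set of "first guesses", and the function names are assumptions made for illustration.

```python
import math
import secrets
import string

# The four character classes the article recommends mixing.
CLASSES = [string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation]
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 characters

# Constructed sample of the kind of guesses a cracking rig tries first
# (the article's own examples plus pet-name-style guesses). Not a real wordlist.
COMMON_GUESSES = {"password", "password123", "princess12345678",
                  "fluffy1", "rover2010"}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Bits of entropy of a uniformly random string of `length` characters."""
    return length * math.log2(alphabet_size)


def expected_seconds(length: int, alphabet_size: int,
                     guesses_per_second: float = 1e9) -> float:
    """Average time to find a uniformly random password by exhaustive search.

    On average the attacker has to try half the space. 1e9 guesses/second is an
    assumed rate for a dedicated cracking machine, used only for comparison.
    """
    return (alphabet_size ** length) / 2 / guesses_per_second


def has_all_classes(pw: str) -> bool:
    """True if the password contains at least one character of every class."""
    return all(any(c in cls for c in pw) for cls in CLASSES)


def is_common_guess(pw: str, guesses=COMMON_GUESSES) -> bool:
    """True if the password is one of the constructed 'first guesses'."""
    return pw.lower() in guesses


def generate_password(length: int = 12) -> str:
    """Uniformly random password that contains every character class.

    Uses the `secrets` module (a CSPRNG), never `random`. Rejection sampling
    keeps the result uniform over all strings that satisfy the class rule, so
    digits and capitals land anywhere rather than at predictable positions
    (item 3 in the article's list).
    """
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if has_all_classes(candidate):
            return candidate


if __name__ == "__main__":
    for label, length, size in [("8 lowercase letters", 8, 26),
                                ("12 chars, all classes", 12, 94),
                                ("32 chars, all classes", 32, 94)]:
        bits = entropy_bits(length, size)
        years = expected_seconds(length, size) / (365.25 * 24 * 3600)
        print(f"{label:22s} {bits:6.1f} bits  ~{years:.3g} years at 1e9 guesses/s")
    pw = generate_password(12)
    print("generated:", pw, "| common guess:", is_common_guess(pw))
```

Running the script shows the gap the article describes: an 8-letter lowercase password falls in under two minutes at the assumed rate, whereas 12 random characters drawn from all four classes take on the order of millions of years, and 32 characters are out of reach entirely. A dictionary-style password like "password123" never reaches the exhaustive-search stage because it is in the first few guesses, which is what `is_common_guess` models.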

Ultimately, Dr. Bauer says password management boils down to risk management, and "using different passwords on different accounts is important to having good password hygiene."

Dr. Nicolas Christin, an electronic and computer engineering professor at Carnegie Mellon University, joined the "KDKA Morning News" with Larry Richert and John Shumway to talk about passwords and cyber security.

Dr. Christin says he knows it can be difficult, but it is important to have different passwords for all your accounts.

"Using the same [password] everywhere, if one of those accounts gets broken into, they basically have the key to the kingdom to all of your other accounts," says Dr. Christin.

Dr. Christin adds that it is like using the same key for your house, your car, and all your other valuables.
