Donate |

10 passwords you should never use on Facebook—or anywhere

Consumer Reports News: May 11, 2010 10:08 AM

Find Ratings blob logo

Many people have had their Facebook account broken into by criminals, according to our latest report on consumer experiences on social networks. One victim told us how a con artist used her friends list to try to obtain money from her personal friends.

How do criminals break into a Facebook account? One way is to guess your password, so it’s important to always use a strong one that’s at least eight characters long, and includes numbers, symbols, and upper- and lower-case letters. (For more advice on staying secure on Facebook, see 7 things to stop doing now on Facebook).

Facebook won’t let you create a password that’s less than six characters long and, when you try to create any password, it will tell you how strong or weak it is. Words found in the dictionary are considered very weak. In fact, when you try to enter many common words, such as “season,” Facebook rejects them and displays this message:

Password change not successful.

You may not use a dictionary word as your password. Please choose a more secure password.

Surprisingly, I found on Monday, Facebook still accepts a number of common short words, even though they are in the dictionary. These should never be used as a password without adding at least one digit and a symbol somewhere in the middle of the word. Here are 10 that I was able to use, even though Facebook rated all of them as “weak”:

  • circus
  • orphan
  • better
  • higher
  • medley
  • valued
  • secure
  • social
  • hijack
  • victim

Another surprise: Facebook accepted some passwords that are nearly as risky, namely a short first name followed by one digit, such as joseph1 and susan1. The site also accepted dictionary words longer than 6 characters, which it rated as weak, such as haircut, blunder, and criminal.

By the time you read this, Facebook may well have blocked the use of the above passwords. But the fact that it accepted them, contradicting its own warning about using dictionary words, is worrisome. If Facebook is to minimize account theft, it should tighten up such loose ends by rejecting all passwords that are too weak, including all common dictionary words.

To find out how strong or weak a password is, try Microsoft’s password checker.

Has your social network account ever been hijacked? If so, share your story below, including any information that may help others avoid the same fate. Also share any tips you may have for creating passwords that are strong but easy to remember.

—Jeff Fox

Jeffrey Fox

   

Find Ratings blob logo

Computers Ratings

View and compare all Computers ratings.

E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Electronics & Computers News

Connect

and safety with
subscribers and fans

Follow us on:

Cars

Cars New Car Price Report
Find out what the dealers don't want you to know! Get dealer pricing information on a new car with the New Car Price Report.

Order Your Report

Mobile

Mobile Get Ratings on the go and compare
while you shop

Learn more