Google Warns Against Weak Passwords

Google would like to take this moment to remind you to choose a strong password. Too many passwords are weak or poorly guarded. People choose obvious passwords, like "password," or share them with friends or display them on Post-it notes that hang from their computer monitors.

Surveys detailing such folly can be found at PasswordResearch.com, a site maintained by IT security consultant Bruce K. Marshall. They present findings such as that 70% of people do not have unique passwords for each Web site and that nearly half of all people write down their passwords. Read the papers and weep.

Password security is particularly important for Google because Google Account passwords are the keys to an individual's Google kingdom from anywhere in the world. (Google does not currently offer a way to limit Google Account access to certain IP addresses or ranges.) There is no firewall to bypass or office to break into when compromising a Google Account. The right password is all that's needed.

Google engineer HongHai Shen wrote a blog post about password security on Wednesday, acknowledging that fanatical devotion to strong passwords -- generating a random eight-character string every two or three months -- probably isn't necessary for everyone. But he still believes passwords should be chosen with care. "Whether it's for your Google account, your banking center, or your favorite store, choosing a good password and keeping it safe can go a long way toward protecting your information online," he wrote in his blog post.

HongHai's advice, though timeworn, bears repeating because so few take such recommendations to heart:

Avoid common elements when choosing your password. That means no words you'd find in a dictionary, which might be vulnerable to "dictionary attacks." It also means that clever concatenated phrases like "letmein" or "opensesame" probably aren't all that clever. Bear in mind, too, that keyboard patterns like "1234" or "asdf" are the same on keyboards everywhere.

Make your password as unique as possible. This ought to go without saying, but, there, it's been said. Add numbers and non-alphanumeric characters to your password. Mix uppercase and lowercase letters.

Create different passwords for different sites. The benefit of doing so is obvious: If someone does steal your password, he or she doesn't have access to every Internet service you use. Particularly for financial and health sites, you should have unique passwords.

Don't share your passwords with anyone. And don't send them in an e-mail if you can help it.

Be careful how you share your information online. Social networking sites in particular have a poor record of keeping user information private and the gadgets that are popular on many of these sites are not developed with security in mind. If there's a way to find out how these sites and applications share data, it can be worth doing so.

Google provides additional password guidance in its Gmail Help Center documents.
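The first tips above can be checked mechanically when a password is chosen. The following is an added example, not code from Google's post or from this blog: a Python checker for dictionary words and concatenations such as "letmein", keyboard runs such as "1234" or "asdf", character mix, and reuse. The word list, keyboard rows and function names are constructed assumptions.

```python
import re

# Constructed sample data (assumption): a real check would load a full
# wordlist instead of this handful of entries.
DICTIONARY = {"password", "let", "me", "in", "open", "sesame", "google"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CHAR_CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]

def is_word_concatenation(s, words=DICTIONARY):
    """True if s splits completely into dictionary words, e.g. "letmein"."""
    ok = [True] + [False] * len(s)  # ok[i]: s[:i] is a run of whole words
    for end in range(1, len(s) + 1):
        ok[end] = any(ok[start] and s[start:end] in words
                      for start in range(end))
    return len(s) > 0 and ok[len(s)]

def has_keyboard_run(s, min_len=4):
    """True if s contains min_len adjacent keys of a row, in either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_len + 1):
                if seq[i:i + min_len] in s:
                    return True
    return False

def check_password(pw, used_elsewhere=()):
    """Return the list of tips from the article that pw violates."""
    problems = []
    lowered = pw.lower()
    # Strip digits and symbols first, so "Password1!" is still seen as a word.
    letters = re.sub(r"[^a-z]", "", lowered)
    if is_word_concatenation(letters):
        problems.append("dictionary")
    if has_keyboard_run(lowered):
        problems.append("keyboard-pattern")
    if sum(bool(re.search(c, pw)) for c in CHAR_CLASSES) < 4:
        problems.append("character-mix")
    if pw in used_elsewhere:
        problems.append("reused")
    return problems

if __name__ == "__main__":
    for candidate in ["letmein", "asdf1234", "Password1!", "vR7#kq2!Lw"]:
        print(candidate, check_password(candidate))
```

Note that "Password1!" passes the character-mix rule and still fails, because decorating a dictionary word does not remove the word.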


  Chee Yan

June 9, 2008 at 5:51 AM

Wow. Is it that serious? I think I'm gonna change my password to a more complicated one.


  Suresh Kumar A

June 9, 2008 at 6:08 AM

Yes, it's sure. Please be aware and make sure your password is more secure.

  Ramesh | The Geek Stuff

June 9, 2008 at 12:52 PM


I came to your blog from your comments posted on problogger.net. I read several of your posts and they are very well written and interesting. Excellent job.

Talking about Passwords, I wrote an article about creating strong passwords:


Ramesh | The Geek Stuff

  Suresh Kumar A

June 9, 2008 at 10:30 PM

Thanks for spending your time on my blog. I visited your blog. It's really very interesting.

It's up to the users to think whether their current password is secure or not. If you think it's not, please go ahead and make it secure.

Don't allow any intruders to access your site/bank accounts.


June 16, 2008 at 8:21 PM

You posted a real password management post and also mention the Google view on this. Makes a real gr8 post.