Ten Worst Passwords on the Web

Lately, a number of my friends have been getting their e-mail hacked into. My niece, Hilary, sent me this January 23rd article in Gizmag and I thought it was worth re-posting. It’s about passwords…simple things we can do to make our computers safe (safer) from hackers. Hilary said she discovered she was guilty of using nearly all of these passwords!!

The ten worst passwords on the web, and why you really should read this article.

By Ben Coxworth

You’re not fooling anyone with that “123456” password of yours. “Password” isn’t much better, and sorry ladies, but “princess” is also no good. These are among the findings in a report released by Imperva, a data security firm that analyzed 32 million passwords recently exposed in the Rockyou.com breach. Not only did they identify the most common, and thus easily-guessable passwords, but they also suggested some effective methods for creating secure ones.

Rockyou.com is a website where users can develop apps to use on social networking sites. Last December, a hacker gained access to all of Rockyou’s members’ usernames, email addresses and passwords (which had been stored in plain, unencrypted text) and posted the passwords to the Internet. Given that many people use the same username and password for all of their online dealings, such as banking, the results could have been disastrous. Fortunately, the perpetrator seemed to be mainly interested in exposing Rockyou’s insufficient security, as they didn’t post the usernames or emails.

Imperva analyzed the hacked data, and compiled their findings in the Consumer Password Worst Practices report. Of the 32 million passwords involved, the ten most common were:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

It was found that almost half of the members used names, slang words, proper words, or trivial passwords such as consecutive digits, or adjacent keys on the keyboard.

So, what sort of password SHOULD people be using?

Imperva made the following recommendations:
1. It should contain at least eight characters (30% of users had passwords that were six letters or less)
2. It should contain a mix of four different types of characters (i.e., upper case, lower case, numbers, symbols)
3. It should not be a name, word, or contain any part of your name or email address

The report also suggests using a different password for every website, not sharing your passwords with third parties, and using the first letters of each word in a sentence as your password (For instance, “this little piggy went to market” would be “tlpWENT2m”).

“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism,” said Imperva CTO Amichai Shulman. “Never before has there been such a high volume of real-world passwords to examine.”

Source: Gizmag
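The recommendations and the top-ten list from the article above, written as a password check (an added example, not code from the article or from the Imperva report). The function names, the four-character run length, the keyboard-row samples and the use of only the part of the email before the "@" are assumptions of this example, and the word check covers only the article's ten passwords rather than a full dictionary.

```python
import re
import string

# The ten most common passwords listed in the article (lower-cased).
TOP_TEN = {"123456", "12345", "123456789", "password", "iloveyou",
           "princess", "rockyou", "1234567", "12345678", "abc123"}

# Constructed samples for the "consecutive digits / adjacent keys" finding.
RUNS = ("0123456789", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_run(pw, n=4):
    """True if pw holds n characters in a row from a run, forwards or backwards."""
    low = pw.lower()
    for i in range(len(low) - n + 1):
        chunk = low[i:i + n]
        if any(chunk in r or chunk in r[::-1] for r in RUNS):
            return True
    return False


def personal_tokens(name, email):
    """Parts (3+ characters) of the user's name and of the email before the '@'."""
    local = email.split("@")[0]
    parts = re.split(r"[^a-z0-9]+", f"{name} {local}".lower())
    return {p for p in parts if len(p) >= 3}


def check_password(pw, name="", email=""):
    """Return the recommendations that pw fails; an empty list means it passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in pw) for cls in classes) < 4:
        problems.append("does not mix upper case, lower case, numbers, symbols")
    if pw.lower() in TOP_TEN:
        problems.append("on the ten-most-common list")
    if has_run(pw):
        problems.append("contains consecutive digits, letters or adjacent keys")
    if any(tok in pw.lower() for tok in personal_tokens(name, email)):
        problems.append("contains part of your name or email address")
    return problems
```

Calling `check_password("123456")` returns four problems at once, while a password such as the constructed `t1pW&nt2M!` returns an empty list.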

About Suzanne

Suzanne Woods Fisher writes bestselling, award winning fiction and non-fiction books about the Old Order Amish for Revell Books. Her interest in the Plain People began with her Old Order German Baptist grandfather, raised in Franklin County, Pennsylvania. Suzanne's app, Amish Wisdom, delivers a daily Amish proverb to your phone or iPad. She writes a bi-monthly column for Christian Post and Cooking & Such magazine. She lives with her family in California and raises puppies for Guide Dogs for the Blind. To Suzanne's way of thinking, you can't take life too seriously when a puppy is running through your house with someone's underwear in its mouth.

Comments

  1. Mocha with Linda says:

    Okay, that's weird. The place to click on to leave a comment was invisible. I didn't think I could leave one, and all of a sudden my cursor went over the right place.

    Regarding the passwords, they say, "The report also suggests using a different password for every website".

    Yet they always say not to write them down. How in the world are we supposed to remember as many as ten nonsensical passwords?!