
Is your password on the at risk list?

happygeek
A password is defined as a "secret word or string of characters" used to authenticate identity and enable access to a resource. The emphasis is on the word secret, although 'unique' is equally important when it comes to password security. Which is why the list of the most popular, and therefore worst, passwords used online this past year, as revealed by password management specialists SplashData this week, is particularly worrying. Well, it should be if your password is on the list anyway!

According to SplashData, the 25 worst passwords that you could be using include those insecure evergreens of 'password' at number one and '123456' at number two in the chart of shame, followed by the almost as easy to guess, but one assumes treated as a more secure option by those who don't know better, '12345678'. At number four in the list we find the bad password choice of 'qwerty' - yep, the first six letters on the top row of a keyboard, easy to remember and even easier for the bad guys to crack.

Mixing letters with numbers is generally a good thing in terms of security, apart from when you use the likes of number five in the list which is, I kid you not, 'abc123'. At least number six is slightly less obvious, I mean who would guess your password is 'monkey' after all? Erm, well actually that bit of automated software which tries every dictionary word would, and it would do so in a matter of seconds, as it is a very short dictionary word at that.

Number seven is a seven character string which should by rights sit between the second and third entries, as it is '1234567'. The eighth most popular password is the first to adopt another recommended approach to password construction, using phrases rather than single dictionary words. Unfortunately, 'letmein' consists of just three very short dictionary words that pretty much every dictionary attack tool will stumble across in less time than it took me to type this sentence.

Number nine may look, at first glance, like something approaching a secure password, but it remains a poor and insecure choice by virtue of being included in the custom wordlists of most password cracking tools. There's a certain irony in selecting 'trustno1' as your password, I admit, but not a great deal of security. The same can be said of 'passw0rd', which sits at 18 in the list and just replaces an O with a zero, a substitution every cracking tool tries as a matter of course. It's more secure than the number one choice of 'password', but only just. Other stand out inclusions on the list include '111111', 'iloveyou', '654321' and, rather inappropriately under the circumstances, 'master'.

Where did SplashData get the information to compile such a list, you may be asking yourself? The company compiled it from files containing millions of stolen passwords that were posted online in underground hacking forums following successful data breaches during the year.

Andi Hindle, Director of International Business Development at security outfit Ping Identity, warns that there is "no such thing as an uncrackable password", adding that it is "possible to make a password that is so difficult to electronically guess that it would take an untold time". Of course, even if that untold time equates to millions of hours, those hours can be spread across thousands of machines running cracking software, and that, once again, introduces the element of risk if the bad guys think your data worth the effort and financial investment involved in breaking it.

Meanwhile, SplashData offers the following suggestions when it comes to improving your password security:

1) Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, "eat cake at 8!" or "car_park_city?"
2) Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you use for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
3) Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.

Here's the full SplashData list of the 25 worst passwords of 2011:

1) password
2) 123456
3) 12345678
4) qwerty
5) abc123
6) monkey
7) 1234567
8) letmein
9) trustno1
10) dragon
11) baseball
12) 111111
13) iloveyou
14) master
15) sunshine
16) ashley
17) bailey
18) passw0rd
19) shadow
20) 123123
21) 654321
22) superman
23) qazwsx
24) michael
25) football

Davey Winder

I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro, the best selling IT magazine in the UK.
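To make the dictionary-attack argument in the post concrete, here is an added example (my own code, not from the post or from SplashData): a toy rule-based cracker that takes the 25 entries above, applies a handful of mangling rules of the kind real crackers apply by the thousand, and runs them against a salted PBKDF2 hash as a breached site might have stored it. 'passw0rd' is not a separate "clever" choice at all; it falls out of the rule "turn o into 0" applied to entry number one, and 'Monkey123' falls to entry six plus a capital and a suffix. The multi-word passwords SplashData suggests are simply not in the guess space. Everything about the storage scheme (PBKDF2-HMAC-SHA256, 16-byte salt, the iteration count), the mangling rules and the 10,000-word dictionary size used in the bit estimates is an assumption for the demonstration, not something the post states.

```python
"""
Toy dictionary attack and search-space estimate.

Added example, not code from the original post or from SplashData. It
shows why every entry on the SplashData list, and simple variants such as
'passw0rd' (an 'o' turned into a zero) or 'Monkey123', fall within a few
dozen guesses, while a multi-word password of the kind SplashData
recommends is not in the guess space at all.

Assumptions (not from the post): the site stores PBKDF2-HMAC-SHA256 with a
random 16-byte salt, the attacker has the hash and salt from a breach,
and the mangling rules below stand in for the far larger rule sets of
real crackers.
"""
import hashlib
import math
import os

# The 25 entries of the SplashData 2011 list quoted in the post, in order.
WORST_25 = [
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
]

# Hypothetical mangling rules: single-character "leet" swaps and a few
# suffixes. Real crackers ship thousands of such rules.
LEET = {"o": "0", "a": "@", "e": "3", "i": "1", "s": "$"}
SUFFIXES = ["", "1", "123", "!", "2011"]

# Deliberately low iteration count so the demo runs in about a second; a
# real deployment would use a far higher one (or bcrypt/scrypt). A slower
# hash raises the cost per guess but does nothing about how few guesses
# a listed password needs.
ITERATIONS = 500


def candidates(wordlist=WORST_25):
    """Yield guesses in the order a rule-based cracker would try them."""
    seen = set()
    for word in wordlist:
        variants = [word, word.capitalize(), word.upper()]
        variants += [word.replace(plain, leet) for plain, leet in LEET.items()]
        for base in variants:
            for suffix in SUFFIXES:
                guess = base + suffix
                if guess not in seen:        # numeric entries collapse to 5 guesses
                    seen.add(guess)
                    yield guess


def store(password, salt=None):
    """Hash a password the way a reasonable site might (salted PBKDF2)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def crack(salt, digest, wordlist=WORST_25):
    """Return (guess_number, password) if the hash falls to the wordlist
    plus mangling rules, or None once the whole guess space is exhausted."""
    for n, guess in enumerate(candidates(wordlist), start=1):
        if hashlib.pbkdf2_hmac("sha256", guess.encode(), salt, ITERATIONS) == digest:
            return n, guess
    return None


def bits_random(length, alphabet_size):
    """Search space (bits) of a uniformly random password: log2(A^L)."""
    return length * math.log2(alphabet_size)


def bits_passphrase(n_words, dictionary_size):
    """Search space (bits) of n words drawn uniformly from a dictionary the
    attacker is assumed to know: log2(D^n). Word separators add nothing
    if the attacker also knows the separator convention."""
    return n_words * math.log2(dictionary_size)


def bits_wordlist(wordlist=WORST_25):
    """Search space (bits) of everything candidates() will ever try."""
    return math.log2(sum(1 for _ in candidates(wordlist)))


if __name__ == "__main__":
    for pw in ["password", "passw0rd", "Monkey123", "trustno1",
               "eat cake at 8!", "car_park_city?"]:
        salt, digest = store(pw)
        result = crack(salt, digest)
        verdict = "guess #%d" % result[0] if result else "not in guess space"
        print(f"{pw!r:18} -> {verdict}")
    print(f"whole wordlist plus rules: {bits_wordlist():.1f} bits")
    print(f"8 random chars from 62:    {bits_random(8, 62):.1f} bits")
    print(f"4 words, 10,000-word dict: {bits_passphrase(4, 10_000):.1f} bits")
```

Run as a script it prints the guess number at which each sample password falls (or that it never does) and the three search-space figures. The point of the last three lines is the one the post's SplashData advice makes: the entire list plus rules is under 11 bits of search space, an eight character random password from a 62-character alphabet is about 48 bits, and four words chosen from even a modest 10,000-word dictionary are about 53 bits, which is why length in words beats cleverness in substitutions.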

Fortinbra
Posting Whiz in Training
236 posts since Jan 2011

MickeyMinnieDonaldGoofyPlutoHueyDeuyLouieTallahassee

I saw this in a posting about secure passwords; it's eight characters with a capital. Oddly enough, to my knowledge, this is an actual secure password because of its length and number of individual words.

|-|x
Posting Whiz
353 posts since Apr 2008

Another related, useful tool by security expert Steve Gibson...
https://www.grc.com/haystack.htm

Tim Elsky
Light Poster
35 posts since Nov 2011

I used to use easy passwords so I could remember them, but after my e-mail and some other accounts were used for spam several times I started using password generators. There are many websites that let you use a password generator online, and I save the results in the notes on my cell phone. Also, I read somewhere that it is better to change any password every 6 months.

seobts
Newbie Poster
1 post since Dec 2011

I must be more careful. My password is often too easy for anyone to guess. :( Have to change it immediately!

terence193
Junior Poster in Training
58 posts since Apr 2008

Passwords are becoming more vulnerable since most people use the same password on a lot of different accounts, which might not be at all trustworthy.

Rather than every six months, it should be done more often, say every month, and be sure to include uppercase/lowercase/special characters and numbers in your password.

A password is never a good one if the security question isn't good as well. I admire the system most banks use, where the authentication process has three steps:
1) Email
2) Security question
3) Code generated from a dongle they give you which is assigned to you

This method or a similar one is used by wallet software sites as well, and people should make use of it, since this is most probably the most important password most people have.

hotmatrixx
Posting Whiz
349 posts since Jul 2008

Like they say over at xkcd:
(check the attachment)

Attachments password_strength.png 90.85KB
hotmatrixx
Posting Whiz
349 posts since Jul 2008

Again, thanks xkcd
(see pic attached)

Attachments password_reuse.png 129.34KB
jahnarisha
Newbie Poster
12 posts since Jan 2012

I have no problem with difficult passwords. I use a password manager like RoboForm. On each site I register with, I use a different password for the same email address, and I just let RoboForm generate the password for me, which is in fact very random in nature.

rajutech
Newbie Poster
9 posts since Mar 2012

I used the same password for some of my accounts. I will be careful about this.
