Saturday, November 19, 2011

Study: people still using 'password' and '123456' as passwords

What are some of the most common mistakes made in terms of passwords? We've seen them before, such as in the Gawker Media hack, with folks using "123456" and other far too simple passwords. A new study by password management application provider SplashData shows folks still haven't learned their lesson.

This SplashData study is actually an annual event. "Password" ranks first on the list, which is ranked by "popularity" among millions of stolen passwords posted online by hackers. Sequential sets of numbers such as "123456" naturally rank high, just as in the Gawker Media hack, as do common words and common names, such as "ashley" and "michael."

Others, like "monkey," are a bit harder to understand in terms of their high ranking. SplashData's top 25 are:
  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein (uh, yeah)
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd (adding a 0 instead of an o isn't really high security)
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx (check a keyboard to see why this is chosen)
  24. michael
  25. football
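A site can refuse these choices when a password is set. The sketch below is an added example, not part of the SplashData study: it screens a candidate against the list above, undoes simple character swaps such as the 0 in "passw0rd", and flags keyboard walks like "qazwsx" and repeated blocks like "123123". The substitution table, the keyboard lines, and the 0.75 threshold are assumptions chosen for illustration.

```python
import re

# SplashData's top 25, copied from the list above.
COMMON = set("""password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd
shadow 123123 654321 superman qazwsx michael football""".split())

# Assumed, deliberately small substitution table (0 -> o, @ -> a, ...).
LEET = str.maketrans("013457@$!", "oieastasi")
COMMON_NORMALIZED = {word.translate(LEET) for word in COMMON}

# Assumed keyboard rows, left-hand diagonal columns, and the alphabet.
LINES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "abcdefghijklmnopqrstuvwxyz",
         "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
# Every pair of neighbouring characters on a line, in both directions.
ADJACENT = {pair for line in LINES
            for a, b in zip(line, line[1:]) for pair in (a + b, b + a)}


def walk_ratio(pw):
    """Fraction of neighbouring character pairs that are adjacent on a line."""
    pairs = [a + b for a, b in zip(pw, pw[1:])]
    return sum(p in ADJACENT for p in pairs) / len(pairs) if pairs else 0.0


def screen(candidate):
    """Return the reasons a candidate is rejected; an empty list means none."""
    pw = candidate.lower()
    reasons = []
    # Exact hit, or a hit once simple character swaps are undone.
    if pw in COMMON or pw.translate(LEET) in COMMON_NORMALIZED:
        reasons.append("on common list")
    # Mostly made of keyboard or alphabet neighbours (threshold is assumed).
    if len(pw) >= 4 and walk_ratio(pw) >= 0.75:
        reasons.append("keyboard walk or sequence")
    # One block of 1 to 3 characters repeated to fill the whole password.
    if re.fullmatch(r"(.{1,3})\1+", pw):
        reasons.append("repeated block")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates.
    for sample in ["P@ssw0rd", "qazwsx", "111111", "0987654321", "kT7#vq2L"]:
        print(sample, screen(sample))
```

An empty result only means the candidate avoided these specific patterns; it does not make the password strong.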
Unfortunately, just having a strong password, one which includes letters, numbers, and special characters (%, @, etc.), isn't good enough. End users also shouldn't use the same password all over the place. If you do, someone could get a forum password, and voilà, they also have your Amazon.com password.

If you can't keep track of multiple passwords, and really, who can, use a password manager like KeePass or LastPass. Many of these also generate secure passwords based on your criteria.

In this day of smartphones and tablets, you can also choose a manager that has a mobile app. Just make sure you lock your phone, in case you lose it with all your passwords on it.


