Your Top 20 Most Common Passwords
Is your password "123456"?
Last year, a major security breach at RockYou.com resulted in the release of 32 million passwords. With such a large data set available, security firm Imperva Application Defense Center (ADC) analyzed it and found that, when given the chance, most users will choose a simplistic password.
Imperva found that nearly a third of users chose passwords whose length is equal to or below six characters, and almost 60 percent of users chose their passwords from a limited set of alpha-numeric characters. Almost half of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on), with the most common password being "123456".
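As an added illustration (not code from Imperva or the original article), a site could screen new passwords at signup against the weakness categories described above. The function name, labels and the tiny wordlist are assumptions constructed for this example; only "123456" is a password named on this page.

```python
import string

# Constructed sample entries; a real deployment would load a full dictionary
# and a leaked-password list. Only "123456" is named in the article.
SAMPLE_WORDLIST = {"123456", "password", "monkey", "michael"}
DIGIT_ROW = "1234567890"
KEYBOARD_ROWS = (DIGIT_ROW, "qwertyuiop", "asdfghjkl", "zxcvbnm")
ALNUM = set(string.ascii_letters + string.digits)


def _is_run(pw, sequences):
    """True if the whole password is one forward or backward slice of a sequence."""
    if len(pw) < 3:
        return False
    return any(pw in seq or pw in seq[::-1] for seq in sequences)


def weakness_reasons(password):
    """Return the weakness categories (hypothetical labels) a password falls into."""
    reasons = []
    lowered = password.lower()
    # "length is equal to or below six characters"
    if len(password) <= 6:
        reasons.append("length<=6")
    # "a limited set of alpha-numeric characters"
    if password and set(password) <= ALNUM:
        reasons.append("alphanumeric-only")
    # "consecutive digits, adjacent keyboard keys"
    if lowered.isdigit() and _is_run(lowered, ("0123456789", DIGIT_ROW)):
        reasons.append("consecutive-digits")
    elif _is_run(lowered, KEYBOARD_ROWS):
        reasons.append("adjacent-keys")
    # "names, slang words, dictionary words"
    if lowered in SAMPLE_WORDLIST:
        reasons.append("wordlist")
    return reasons
```

An empty list means the password falls into none of these categories; it does not by itself mean the password is strong.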
Here are the top 20 most popular passwords from the RockYou.com leak.
Imperva notes that even though hacking techniques have become better, users of today are no wiser than those 20 years ago. The company's report says that a study of Unix password security in 1990 and hacked Hotmail passwords from 10 years ago showed little change.
So how can everyone get better? Imperva recommends the following:
1. Choose a strong password for sites where you care about the privacy of the information you store. Bruce Schneier’s advice is useful: “take a sentence and turn it into a password. Something like “This little piggy went to market” might become "tlpWENT2m". That nine-character password won't be in anyone's dictionary.”
2. Use a different password for all sites – even for the ones where privacy isn’t an issue. To help remember the passwords, again, following Bruce Schneier’s advice is recommended: “If you can't remember your passwords, write them down and put the paper in your wallet. But just write the sentence – or better yet – a hint that will help you remember your sentence.”
3. Never trust a 3rd party with your important passwords (webmail, banking, medical etc.).
Read the full report from Imperva here.
Who is changing his or her password today?
Nothing about God in there, seems like a good sign!
Password management software ftw?
I've done enough security penetration tests to know that no matter how strong your security (WPA-2 SHA etc.), passwords are by far the weakest link. For anyone who doesn't know, encryption algorithms that only use one variable, i.e. the password supplied, can be cracked within minutes using a decent rainbow table and the corresponding software.
If there are two sets of passwords that I would encourage everyone to change so they don't resemble anything else, they are your banking ones (anything that you have entered your bank/credit card details into, such as PayPal) and your email. Why email, some of you may be asking? Because how many sites have a "Forgot your password" link which sends your password or a link to reset your password to your email address? So if someone can access your email then all they have to do is click forgot password on all your social networking or whatever sites and they now have access to your account.
Have fun, Talwoasc
I use passwords which have at least 14 letters and contain majuscules, small letters, numbers, and various graphical signs like: @#$%&*():", etc. So I'm pretty confident about my password's strength. Although to be completely honest I know that on the internet nothing is absolutely safe, but still... Forza Steaua!!!
I generate my passwords by writing down letters, numbers and keyboard characters onto a piece of paper, stopping at 8. Then, I save it to an encrypted file on my PC with my old password, then, I change it on every single site, account and anything I can remember. By the time I'm done, I've memorised it. And, if you 'randomly' generate it yourself, I'm willing to assume that you'll also remember it easier, since it'll fit some kind of 'pattern' your mind uses. My password seriously has nothing in it that makes any sense, no hidden meaning or anything. Often, I add meaning afterwards.
“take a sentence and turn it into a password. Something like “This little piggy went to market” might become "tlpWENT2m".
haha
a bruteforce with a brain?