Avernis Thoughts


Jan 27
2010

World's Worst Passwords

Posted by: Sean Goodwin

A recent report released by Imperva revealed some interesting statistics about the common passwords being used on the popular social site www.rockyou.com, and some of them are very scary indeed.

Of the 32 million accounts contained within the website, the following were the top 10 most common passwords:

  • 123456
  • 12345
  • 123456789
  • Password
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • 12345678
  • abc123

Whilst some of these are fairly common password offenders ("123456" and "Password"), "iloveyou" and "princess" seem like odd inclusions. They suggest that there are popular words that numerous people tend to use for passwords, making it easier for hackers to gain access to system accounts. Using a simple dictionary of 5000 popular passwords, a hacker could easily gain access to as many as 1000 accounts in under 17 minutes!

Even more disturbing is the assumption that people tend to use the same password for any number of different systems, including systems that contain personal information, or even online banking or other payment systems.

There are a number of recommendations made in the report about what website users should be choosing to use for their passwords:

  • Passwords should contain at least eight characters (30% of users had passwords that were six letters or less)
  • It should contain a mix of four different types of characters (i.e. upper case, lower case, numbers, symbols)
  • It should not be a name, word, or contain any part of your name or email address

The report also suggests using a different password for every website, not sharing your passwords with third parties, and using the first letters of each word in a sentence as your password (for instance, “this little piggy went to market” would be “tlpWENT2m”).
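The recommendations above expressed as a check, as an added example that is not code from the report or from this post. The blocklist is the top 10 list quoted earlier; `SAMPLE_WORDS`, the `full_name` and `email` parameters, and the three-character minimum for personal fragments are assumptions made for illustration.

```python
import re

# Top-10 list from the post, lower-cased for case-insensitive matching.
COMMON_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou",
                    "princess", "rockyou", "1234567", "12345678", "abc123"}
# Constructed stand-in for a name/dictionary list (assumption, not from the report).
SAMPLE_WORDS = {"princess", "monkey", "dragon", "michael", "jessica", "sunshine"}


def check_password(password, full_name="", email=""):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    lowered = password.lower()

    if lowered in COMMON_PASSWORDS:
        problems.append("on the most-common list")
    if len(password) < 8:
        problems.append("shorter than eight characters")

    # The four character types named in the recommendations.
    classes = {
        "upper case": any(c.isupper() for c in password),
        "lower case": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing character types: " + ", ".join(missing))

    # Strip digits and symbols so "Princess1!" is still recognised as a word.
    if re.sub(r"[^a-z]", "", lowered) in SAMPLE_WORDS:
        problems.append("is a name or dictionary word")

    # Fragments of the user's name and of the e-mail local part (before "@").
    personal = re.split(r"[^a-z0-9]+", (full_name + " " + email.split("@")[0]).lower())
    for part in personal:
        if len(part) >= 3 and part in lowered:
            problems.append("contains part of name or email: " + part)
            break
    return problems
```

Run against the post's own sample, `tlpWENT2m` is reported as missing a symbol, while `Princess1!` satisfies the length and character-type rules and is caught only by the word check.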

“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism,” said Imperva CTO Amichai Shulman. “Never before has there been such a high volume of real-world passwords to examine.”


Sources:
Imperva - http://www.imperva.com/ld/password_report.asp
Gizmag - http://www.gizmag.com/worst-passwords-on-the-web/13960/
