Analysis of 32 MILLION breached passwords shows people use stupid passwords

Verdict: it's 2010, and people are still using the stupidest passwords imaginable.
Here's a quick look at the top ten:
- 123456
- 12345
- 123456789
- Password
- iloveyou
- princess
- rockyou
- 1234567
- 12345678
- abc123
One: it shows that many providers of web apps and services still don't give a crap about helping users make good decisions about security. They're perfectly happy to allow you to register with passwords that my grandmother could crack -- and she's never even touched a computer.
Two: it shows that people don't care enough about their own security online to give more than a split second of thought when choosing the super-secret code which secures access to their accounts. Dictionary-based attacks would have succeeded on the first attempt on more than a quarter million Rockyou.com users!
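To put numbers on the two points above, here is a small added example (not code from the post or from Imperva's report): a registration-time check that rejects the ten passwords listed above, and an estimate of how many accounts an online guesser would take over when a lockout limits the tries per account. The eight-character minimum and the twenty sample passwords are assumptions constructed for the demo.

```python
from collections import Counter

# The top ten from the breached-password analysis quoted in the post.
TOP_TEN = ["123456", "12345", "123456789", "Password", "iloveyou",
           "princess", "rockyou", "1234567", "12345678", "abc123"]

# Constructed sample of 20 user passwords (not real breach data).
SAMPLE = (["123456"] * 3 + ["12345", "PASSWORD", "iloveyou"] +
          ["correct horse battery", "Tr0ub4dor&3", "s3cure!pass", "h4ck3rman",
           "qwerty", "letmein", "dragon", "monkey", "sunshine", "football",
           "welcome1", "zaq1xsw2", "M0nkey!!", "blueSky22"])


def is_weak(password, denylist=TOP_TEN, min_len=8):
    """Registration-time check a provider could run: reject anything
    on the denylist (case-insensitive) or shorter than min_len.
    The length rule is an assumed policy, not something from the report."""
    if len(password) < min_len:
        return True
    return password.casefold() in {p.casefold() for p in denylist}


def guess_success_rate(user_passwords, guess_list, attempts_per_account):
    """Fraction of accounts compromised by an online guesser who tries the
    most common passwords in order and gets only attempts_per_account
    tries per account (e.g. because of a lockout threshold).
    This is a risk estimate for the defender: it shows how much a lockout
    buys you when the password distribution is this skewed."""
    guesses = {g.casefold() for g in guess_list[:attempts_per_account]}
    counts = Counter(p.casefold() for p in user_passwords)
    hits = sum(n for pw, n in counts.items() if pw in guesses)
    return hits / len(user_passwords)


if __name__ == "__main__":
    for pw in ["123456", "PASSWORD", "correct horse battery"]:
        print(f"{pw!r}: {'rejected' if is_weak(pw) else 'accepted'}")
    for tries in (1, 3, 10):
        rate = guess_success_rate(SAMPLE, TOP_TEN, tries)
        print(f"{tries:2d} guess(es) per account -> {rate:.0%} of accounts fall")
```

Even with a lockout after a single wrong try, every account whose password is the single most common one falls; the only fix on the provider side is to refuse those passwords at registration.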
Let's face it. These passwords are the digital equivalent of locking your front door by duct-taping the door to the frame. Is that how you want to protect your valuables, people?
Download Squad readers don't need this PSA, of course -- but it's time to spread the word. Get your friends and family using tools like LastPass, KeePass, and 1Password. All of them make creating and remembering strong passwords a breeze -- and while that won't help if someone breaches a database like Rockyou's, it's still an important step in staying safe online.
The full report from Imperva is available as a PDF download if you'd like to read more analysis about the Rockyou breach.
[via Help Net]
Comments (10)
IvanP91, Jan 21st 2010 12:27PM
Just because I duct-taped my front door to the frame doesn't mean that my house isn't well protected.
That was a freakin' waste of duct tape, and it's not even holding anymore.
Velvet Jones, Jan 21st 2010 12:42PM
Love the Windows mouse pointer in the image.
Bill Brasky, Jan 21st 2010 12:38PM
12345? That sounds like a combination an idiot would have on their luggage!
Change the combination on my luggage!
Scrayn, Jan 22nd 2010 12:27AM
*walks out, gets giant helmet caught in door as it closes*
Gah!
squished18, Jan 21st 2010 2:06PM
This posting is misleading. It does not address the key issue of what the password is protecting. If this was a test of bank account passwords, it would be worrying. However, they tested Rockyou.com accounts? Who cares if someone breaks into your rockyou.com account?
This is not like securing your front door with duct tape. This is like securing your tree house door with duct tape. There's a big difference.
Neoprimal, Jan 21st 2010 4:59PM
Who cares?
A hacker cares.
Statistically it's been proven that users use the same password over several websites/services.
So let's assume your user name isn't one you pick, it's what you've signed up with or whatever. All that's left to do is figure out your email address and then go to town on sites that use your email as login, from there find a possible 'common' username for you (which isn't hard for you, since people oft use their twitter or blogs as a common username), then go to town all over the internet and services. Steal your email account. Steal your MMO or Steam account. Steal your Paypal account. Order 1000 pizzas for either you, or friends at Pizzahut.com/Dominos.com... I mean you name it, there's trouble.
We're moving to a digital age, and online security is fast becoming as important as locking up our doors, because in the end if some unscrupulous soul gets your information, it's really hard to fix the damage they CAN do.
polobunny, Jan 21st 2010 5:24PM
@Neoprimal
Nope, that's totally different. Rockyou is an out-of-bounds value; if you brought it into the statistics of password security it would be lowering its "score".
Do not try to overlook the fact this is Rockyou. Would you use your 123456 for your bank account? They probably wouldn't let you. Would you use this for your email, the thing you consider the most important in your daily net routine? I'm pretty sure you wouldn't either. And most wouldn't.
It's not because someone used 123456 as a Rockyou password to host some stupid glittery GIF files that they're absolute idiots going to do the same with every other account. They can be stupid at times, but most users aren't THIS thick.
Just get their pet, daughter/son or wife name if you want easy access. :P
Now, a hacker does care about the rest of the passwords that aren't words. Makes up for good dictionaries.
Fox318, Jan 21st 2010 3:17PM
I'm surprised "letmein" isn't on the list.
nomi49, Jan 22nd 2010 9:32AM
LastPass is a good option. But wait... what if my LastPass password is stolen?