
Thursday, January 21, 2010

Analysis of 32 MILLION breached passwords shows people use stupid passwords

by Lee Mathews, Jan 21st 2010 at 12:08PM

Password breaches happen on a pretty regular basis, but the one at Rockyou.com was massive -- involving 32 million users. Now that the dust has settled, security firm Imperva has taken the time to do a little analysis of the data involved.

Verdict: it's 2010, and people are still using the stupidest passwords imaginable.

Here's a quick look at the top ten:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Are you kidding me?! No...No, you're not. But this is a seriously sad commentary on two things.

One: it shows that many providers of web apps and services still don't give a crap about helping you make good decisions about security. They're perfectly happy to allow you to register with passwords that my grandmother could crack -- and she's never even touched a computer.

Two: it shows that people don't care enough about their own security online to give more than a split second of thought when choosing the super-secret code which secures access to their accounts. Dictionary-based attacks would have succeeded on the first attempt on more than a quarter million Rockyou.com users!
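As an added example (not from the original article or the Imperva report), here is a registration-time password screen of the kind the first point says providers fail to apply, using the top ten above as its blocklist. The minimum length of 8, the `username` parameter and the function names are assumptions made for illustration.

```python
import unicodedata

# Blocklist: the top ten from the list above, lower-cased. A real deployment
# would load a far larger breached-password list (assumption).
COMMON = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc123"}
MIN_LENGTH = 8  # assumed policy value, not taken from the article


def is_sequence(s):
    """True for runs such as 123456, 987654, abcdef or aaaaaa."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1}, {0})


def screen_password(candidate, site_name, username=""):
    """Return the reasons to reject a password; an empty list means accept."""
    # Normalise so 'Password' and full-width digits match the blocklist.
    norm = unicodedata.normalize("NFKC", candidate).strip().lower()
    reasons = []
    if len(norm) < MIN_LENGTH:
        reasons.append("too short")
    if norm in COMMON:
        reasons.append("common password")
    if is_sequence(norm):
        reasons.append("simple sequence")
    # Context words: the site's own name ('rockyou' is #7 above) and the user's.
    context = {w.strip().lower() for w in (site_name, username) if w}
    if norm in context:
        reasons.append("site or user name")
    # Catch a blocked word with digits appended, e.g. 'password1'.
    stem = norm.rstrip("0123456789")
    if stem and stem != norm and (stem in COMMON or stem in context):
        reasons.append("blocked word plus digits")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, not data from the breach.
    for pw in ("123456", "Password", "RockYou2010", "correct horse battery staple"):
        print(repr(pw), screen_password(pw, site_name="rockyou") or "accepted")
```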

Let's face it. These passwords are the digital equivalent of locking your front door by duct-taping the door to the frame. Is that how you want to protect your valuables, people?

Download Squad readers don't need this PSA, of course -- but it's time to spread the word. Get your friends and family using tools like LastPass, KeePass, and 1Password. All of them make creating and remembering strong passwords a breeze -- and while that won't help if someone breaches a database like Rockyou's, it's still an important step in staying safe online.

The full report from Imperva is available as a PDF download if you'd like to read more analysis about the Rockyou breach.

[via Help Net]

Protect yourself on the web! Start with a strong password and don't use the same password for all your accounts.
