Analysis of 32 MILLION breached passwords shows people use stupid passwords

Verdict: it's 2010, and people are still using the stupidest passwords imaginable.
Here's a quick look at the top ten:
- 123456
- 12345
- 123456789
- Password
- iloveyou
- princess
- rockyou
- 1234567
- 12345678
- abc123
One: it shows that many providers of web apps and services still don't give a crap about helping you make good decisions about security. They're perfectly happy to allow you to register with passwords that my grandmother could crack -- and she's never even touched a computer.
Two: it shows that people don't care enough about their own security online to give more than a split second of thought when choosing the super-secret code which secures access to their accounts. Dictionary-based attacks would have succeeded on the first attempt on more than a quarter million Rockyou.com users!
Let's face it. These passwords are the digital equivalent of locking your front door by duct-taping the door to the frame. Is that how you want to protect your valuables, people?
Download Squad readers don't need this PSA, of course -- but it's time to spread the word. Get your friends and family using tools like LastPass, KeePass, and 1Password. All of them make creating and remembering strong passwords a breeze -- and while that won't help if someone breaches a database like Rockyou's, it's still an important step in staying safe online.
The full report from Imperva is available as a PDF download if you'd like to read more analysis about the Rockyou breach.
[via Help Net]
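A registration-time check of the kind the post says providers skip, as an added example (not code from the original post or from Imperva's report): it rejects the ten passwords listed above, their case variants, simple sequences, and passwords that contain the username or site name. The function names, `MIN_LENGTH` and the sequence heuristic are assumptions made for this illustration; a real deployment would load a far larger breached-password list.

```python
import unicodedata

# The ten most common passwords listed in the post above.
TOP_TEN = ["123456", "12345", "123456789", "Password", "iloveyou",
           "princess", "rockyou", "1234567", "12345678", "abc123"]

MIN_LENGTH = 8  # assumption: policy value chosen for this example


def normalize(pw):
    """Fold case and Unicode compatibility forms so 'PASSWORD' matches 'Password'."""
    return unicodedata.normalize("NFKC", pw).casefold()


DENYLIST = frozenset(normalize(p) for p in TOP_TEN)


def is_sequence(pw):
    """True for constant-step runs such as 23456789, 987654 or aaaaaa."""
    if len(pw) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1}, {0})


def check_password(pw, username="", site_name=""):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    n = normalize(pw)
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if n in DENYLIST:
        reasons.append("on common-password list")
    if is_sequence(n):
        reasons.append("simple sequence")
    # Reject passwords built around a value an attacker already knows.
    for label, value in (("username", username), ("site name", site_name)):
        v = normalize(value)
        if v and v in n:
            reasons.append(f"contains {label}")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: the post's list plus two variants.
    for candidate in TOP_TEN + ["PASSWORD", "rockyou2010!"]:
        print(candidate, "->", check_password(candidate, site_name="rockyou"))
```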
Reader Comments (Page 1 of 1)
IvanP91 said 12:27PM on 1-21-2010
Just because I duct-taped my front door to the frame doesn't mean that my house isn't well protected.
That was a freakin waste of duct tape, and it's not even holding anymore.
Velvet Jones said 12:42PM on 1-21-2010
Love the Windows mouse pointer in the image.
Bill Brasky said 12:38PM on 1-21-2010
12345? That sounds like a combination an idiot would have on their luggage!
Change the combination on my luggage!
Scrayn said 12:27AM on 1-22-2010
*walks out, gets giant helmet caught in door as it closes*
Gah!
squished18 said 2:06PM on 1-21-2010
This posting is misleading. It does not address the key issue of what the password is protecting. If this was a test of bank account passwords, it would be worrying. However, they tested Rockyou.com accounts? Who cares if someone breaks into your rockyou.com account?
This is not like securing your front door with duct tape. This is like securing your tree house door with duct tape. There's a big difference.
Neoprimal said 4:59PM on 1-21-2010
Who cares?
A hacker cares.
Statistically it's been proven that users use the same password over several websites/services.
So let's assume your user name isn't one you pick, it's what you've signed up with or whatever. All that's left to do is figure out your email address and then go to town on sites that use your email as login, from there find a possible 'common' username for you (which isn't hard for you, since people oft use their twitter or blogs as a common username), then go to town all over the internet and services. Steal your email account. Steal your MMO or Steam account. Steal your Paypal account. Order 1000 pizzas for either you, or friends at Pizzahut.com/Dominos.com....I mean you name it, there's trouble.
We're moving to a digital age, and online security is fast becoming as important as locking up our doors, because in the end if some unscrupulous soul gets your information, it's really hard to fix the damage they CAN do.
polobunny said 5:24PM on 1-21-2010
@Neoprimal
Nope, that's totally different. Rockyou is an out of bounds value, if you brought it in the statistics of password security it would be lowering its "score".
Do not try to overlook the fact this is Rockyou. Would you use your 123456 for your bank account? They probably wouldn't let you. Would you use this for your email, the thing you consider the most important in your daily net routine? I'm pretty sure you wouldn't either. And most wouldn't.
It's not because someone used 123456 as a Rockyou password to host some stupid glittery GIF files that they're absolute idiots going to do the same with every other account. They can be stupid at times, but most users aren't THIS thick.
Just get their pet, daughter/son or wife name if you want easy access. :P
Now, a hacker does care about the rest of the passwords that aren't words. Makes up for good dictionaries.
Fox318 said 3:17PM on 1-21-2010
I'm surprised "letmein" isn't on the list.
NyaR said 6:17PM on 1-21-2010
rockyou? Are you sure that's what they meant?
nomi49 said 9:32AM on 1-22-2010
LastPass is a good option. But wait... what if my LastPass password is stolen?