Dav
Explore
▼
Thursday, January 21, 2010
Password hacking as easy as 123456
In December Rockyou.com was hacked and out of it cam a list of passwords of which the most popular was "123456" and "Password". These have been the ever popular passwords that have been used and it is strongly advised to stop.
Imperva studied the breached passwords and has published an interesting study that talks about them.
Of the 32 million passwords exposed, "123456" was the most commonly used, followed by "12345" and "123456789."
The list of the 20 most commonly used passwords, and the number of accounts which used them, includes:
"123456" in 290,731 accounts
"12345" in 78,078 accounts
"123456789" in 76,790 accounts
"Password" in 61,958 accounts
"iloveyou" in 51,622 accounts
"princess" in 35,231 accounts
"rockyou" in 22,588 accounts
"1234567" in 21,726 accounts
"12345678" in 20,553 accounts
"abc123" in 17,542 accounts
"Nicole" in 17,168 accounts
"Daniel" in 16,409 accounts
"babygirl" in 16,094 accounts
"monkey" in 15,294 accounts
"Jessica" in 15,162 accounts
"Lovely" in 14,950 accounts
"michael" in 14,898 accounts
"Ashley" in 14,329 accounts
"654321" in 13,984 accounts
"Qwerty" in 13,856 accounts
Because of the shortness of the passwords and their simplicity, Imperva concluded that users are very susceptible to what it termed "basic, brute force" password attacks.
Users, if allowed, will choose very weak passwords even for their most important data, Imperva said.
"Worse, as hackers continue to rapidly adopt smarter brute force password cracking software, consumers and companies will be at greater risk. To quantify the issue, the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts," the company wrote.
Does any of this look familiar to you. Your sitting with a lil smile on your face as you read. If you are guilt then this is the time for you to stop and get serious about the passwords you choose.
Some key findings of the study include:
Imperva provides a list of password best practices, created by NASA to help its users protect their rocket science, they include:
Following that advice, of course, means you'll create a password that will be impossible, unless you try a trick credited to security guru Bruce Schneir: Turn a sentence into a password.
For example, "Now I lay me down to sleep" might become nilmDOWN2s, a 10-character password that won't be found in any dictionary.
Can't remember that password? Schneir says it's OK to write it down and put it in your wallet, or better yet keep a hint in your wallet. Just don't also include a list of the sites and services that password works with. Try to use a different password on every service, but if you can't do that, at least develop a set of passwords that you use at different sites.
Imperva studied the breached passwords and has published an interesting study that talks about them.
Of the 32 million passwords exposed, "123456" was the most commonly used, followed by "12345" and "123456789."
The list of the 20 most commonly used passwords, and the number of accounts which used them, includes:
"123456" in 290,731 accounts
"12345" in 78,078 accounts
"123456789" in 76,790 accounts
"Password" in 61,958 accounts
"iloveyou" in 51,622 accounts
"princess" in 35,231 accounts
"rockyou" in 22,588 accounts
"1234567" in 21,726 accounts
"12345678" in 20,553 accounts
"abc123" in 17,542 accounts
"Nicole" in 17,168 accounts
"Daniel" in 16,409 accounts
"babygirl" in 16,094 accounts
"monkey" in 15,294 accounts
"Jessica" in 15,162 accounts
"Lovely" in 14,950 accounts
"michael" in 14,898 accounts
"Ashley" in 14,329 accounts
"654321" in 13,984 accounts
"Qwerty" in 13,856 accounts
Because of the shortness of the passwords and their simplicity, Imperva concluded that users are very susceptible to what it termed "basic, brute force" password attacks.
Users, if allowed, will choose very weak passwords even for their most important data, Imperva said.
"Worse, as hackers continue to rapidly adopt smarter brute force password cracking software, consumers and companies will be at greater risk. To quantify the issue, the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts," the company wrote.
Does any of this look familiar to you. Your sitting with a lil smile on your face as you read. If you are guilt then this is the time for you to stop and get serious about the passwords you choose.
Some key findings of the study include:
- The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as "brute force attacks."
- Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
- Recommendations for users and administrators for choosing strong passwords.
So it is advised for you to use a combination of alpha-numeric and throw in a few symbols to better protect yourself from hacks
Imperva provides a list of password best practices, created by NASA to help its users protect their rocket science, they include:
- It should contain at least eight characters
- It should contain a mix of four different types of characters - upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;" If there is only one letter or special character, it should not be either the first or last character in the password.
- It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.
Following that advice, of course, means you'll create a password that will be impossible, unless you try a trick credited to security guru Bruce Schneir: Turn a sentence into a password.
For example, "Now I lay me down to sleep" might become nilmDOWN2s, a 10-character password that won't be found in any dictionary.
Can't remember that password? Schneir says it's OK to write it down and put it in your wallet, or better yet keep a hint in your wallet. Just don't also include a list of the sites and services that password works with. Try to use a different password on every service, but if you can't do that, at least develop a set of passwords that you use at different sites.
No comments:
Post a Comment