Posted on 01/23/2010 7:59:06 AM PST by TaxPayer2000
The hackers who stole and published 33 million passwords from the Rockyou.com website in December needn't have bothered, a security company has revealed. Many of them were so trivial they could have been guessed anyway.
According to a new analysis of the hacked passwords, the most popular password used on the Rockyou site was '123456'. Ridiculously, the second most popular password was '12345' closely followed (in order) by '12345687', 'Password', 'iloveyou', 'princess', and the imaginative 'rockyou'.
To put the use of '123456' into perspective, it was used on 290,731 accounts out of the nearly 33 million, which sounds small until Imperva reveals that the top 20 passwords were all equally transparent, and around 20 percent of the 5,000 most popular passwords were "names, slang words, dictionary words or trivial passwords." In 20th place, 13,856 accounts secured themselves with the word 'QWERTY'.
~SNIP~
"If a hacker would have used the list of the top 5,000 passwords as a dictionary for a brute force attack on Rockyou.com users, it would take only one attempt (per account) to guess 0.9 percent of the users' passwords or a rate of one success per 111 attempts," say its authors.
"At this rate, a hacker will gain access to one new account every second or just less than 17 minutes to compromise 1,000 accounts. And the problem is exponential,"
~SNIP~
Such hacking would have had rewards beyond Rockyou -- it is believed that the same passwords on the Rockyou accounts were defaults for user webmail accounts on Gmail, Yahoo, Hotmail, and others.
~SNIP~
"Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like '123456'," said Imperva's CTO, Amichai Shulman.
(Excerpt) Read more at pcworld.com ...
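The dictionary arithmetic quoted above, worked through as an added example (this is not code from the article or from Imperva's report). The password dump is constructed, the guessing rate of 111 guesses per second is an assumption, and the blocklist check at the end is the mitigation those numbers argue for.

```python
# Added example: reproduce the "top-N list as a dictionary" figures from the excerpt
# and turn the same list into a defender-side blocklist check.
from collections import Counter
from typing import Iterable

# Constructed sample of 1,000 plaintext passwords, skewed the way the article describes:
# a handful of trivial passwords shared by many accounts, then a long tail of unique ones.
SAMPLE_DUMP = (
    ["123456"] * 40 + ["12345"] * 20 + ["password"] * 15 + ["iloveyou"] * 10
    + ["princess"] * 8 + ["rockyou"] * 7 + ["qwerty"] * 5
    + [f"Unique-Pass-{i}!" for i in range(895)]
)

def top_n_passwords(dump: Iterable[str], n: int) -> list[str]:
    """The n most common passwords in the dump, most frequent first."""
    return [pw for pw, _ in Counter(dump).most_common(n)]

def coverage(dump: list[str], wordlist: Iterable[str]) -> float:
    """Fraction of accounts whose password is in the wordlist, i.e. the probability
    that a single guess drawn from the list opens a randomly chosen account."""
    words = set(wordlist)
    return sum(1 for pw in dump if pw in words) / len(dump)

def attempts_per_success(cov: float) -> float:
    """Expected guesses per compromised account when each guess hits with probability cov."""
    return 1.0 / cov

def seconds_to_compromise(accounts: int, cov: float, guesses_per_second: float) -> float:
    """Time needed to compromise `accounts` accounts at the given guessing rate (assumed)."""
    return accounts * attempts_per_success(cov) / guesses_per_second

def is_blocklisted(candidate: str, blocklist: Iterable[str]) -> bool:
    """Defender-side check: reject a new password that appears in the top-N list,
    case-insensitively, so the list stops working as a one-guess dictionary."""
    return candidate.lower() in {w.lower() for w in blocklist}

if __name__ == "__main__":
    top = top_n_passwords(SAMPLE_DUMP, 7)
    cov = coverage(SAMPLE_DUMP, top)
    print(f"top-7 coverage: {cov:.1%}, ~{attempts_per_success(cov):.0f} guesses per success")
    # The article's own figures: 0.9% coverage -> ~111 guesses per success; at an assumed
    # 111 guesses/s that is one account per second and 1,000 accounts in just under 17 minutes.
    print(f"{seconds_to_compromise(1000, 0.009, 111) / 60:.1f} minutes for 1,000 accounts")
    print("'Password' rejected by blocklist:", is_blocklisted("Password", top))
```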
Sounds like a pwd that someone would use on their luggage.
It is imperative that you use a strong password everywhere all the time and change them.
Thus proving people are morons.
Other popular passwords include birthdates, social security numbers, and spouse/children’s names.
Don’t use them. :P
"Holy cow! That's the same combination that I have on my luggage!"
There needs to be a new method for securing various sites rather than the simple password. The real problem is that for many there are multiple sites all requiring a password, and in some cases a requirement they change often.
How is a person supposed to keep track of all the various passwords, by memory? Of course people are going to use simple passwords.
Perhaps what is needed is a USB type device that can generate and keep track of complicated passwords. You plug the device in, use your password to access the device (or better yet, use a fingerprint to confirm your ID to the device) and then the device signs on to the site you want to access.
If someone does not have your USB device it should be set up that even with a password they cannot sign on.
I would pay for that type of security.
As it is, I need to keep a book with all my various usernames and passwords because I have so many I cannot remember them all.
At the very least you should have one capital letter, one number and one character like ! in any password. I recently updated my anti-virus program and was prompted to change and modify all my passwords to more secure variations.
Argh. You guys beat me to it.
I use filthy, foul-languaged phrases with numerals and punctuation marks substituted for regular letters. All at least 12 characters long. "1W@nt2........." or maybe "1L!ket0......" or something similar.
Makes 'em easy to remember.
It depends on whether security is important or not. I use the same password on all web sites where all you do is chat and post comments.
If you start to see strange comments here under my nic, then some hacker has guessed my password!
It is imperative that societies begin treating hackers the same as forced entry home robbers. Identity thieves are guilty of Grand Larceny.
If the cops can confiscate autos, boats & airplanes of drug dealers, then the victims of Identity Theft should be allowed to do likewise to hackers.
Sure, they are difficult to find. However, a Bounty Hunter system should allow entrepreneurs to make a buck or two. After we get the hackers under control, we then apply the system to ambulance chasing lawyers.
“The Law firm of Stinkpot, Stinkpot & Sleazeball is not licensed in the State of New Jersey. Your case may be referred. etc, etc, etc.”
Next comes the EPA with its “endangered desert rat”, spotted owl, etc....
“711hasTHEbestdonuts!” is a great password as it uses caps, numbers, symbols, is long, but easy to remember. I know this only ‘cuz I found it written on a piece of paper under my 480 lb ex-boss’s keyboard. (True story.)
bosco
Download a piece of freeware called PINs. I use it and keep it on a thumbdrive or two. It is a database where you can keep a collection of passwords, credit card numbers, website addresses with your account names and passwords. All protected and accessible with one password. Make it a very secure and tough password to crack. All you need to do is remember the one password.
BUT when they make me use 7 or 9 letters and especially if they make me use at least one number, I have to keep it simple just to remember it.
This already exists, it’s called KeePass. Use it on a USB drive, it will generate random passwords using whatever characters you like, keep them available to you, and is very easy to use. Best of all it is free here:
“Rosebud.....”
Uh. I have on my briefcase...
There’s something like that already. You can use the KeePass password manager on a USB stick. The program and its encrypted database reside entirely on the USB stick, supposedly leaving no trace on the computer you use it on when done.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.