The Ten Worst Passwords On The Web

Reporter:Kabbo

On January 25, 2010 View Comments

You’re not fooling anyone with that “123456” password of yours. “Password” isn’t much better, and sorry ladies, but “princess” is also no good. These are among the findings in a report released by Imperva, a data security firm that analyzed 32 million passwords recently exposed in the Rockyou.com breach. Not only did they identify the most common, and thus easily-guessable passwords, but they also suggested some effective methods for creating secure ones.

Rockyou.com is a website where users can develop apps to use on social networking sites. Last December, a hacker gained access to all of Rockyou’s members’ usernames, email addresses and passwords (which had been stored in plain, unencrypted text) and posted the passwords to the Internet. Given that many people use the same username and password for all of their online dealings, such as banking, the results could have been disastrous. Fortunately, the perpetrator seemed to be mainly interested in exposing Rockyou’s insufficient security, as they didn’t post the usernames or emails.

Imperva analyzed the hacked data, and compiled their findings in the Consumer Password Worst Practices report. Of the 32 million passwords involved, the ten most common were:

123456

12345

123456789

Password

iloveyou

princess

rockyou

1234567

12345678

abc123

It was found that almost half of the members used names, slang words, proper words, or trivial passwords such as consecutive digits, or adjacent keys on the keyboard.

So, what sort of password SHOULD people be using?

Imperva made the following recommendations:

It should contain at least eight characters (30% of users had passwords that were six letters or less)

It should contain a mix of four different types of characters (i.e: upper case, lower case, numbers, symbols)

It should not be a name, word, or contain any part of your name or email address

The report also suggests using a different password for every website, not sharing your passwords with third parties, and using the first letters of each word in a sentence as your password (For instance, “this little piggy went to market” would be “tlpWENT2m”).

“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism,” said Imperva CTO Amichai Shulman. “Never before has there been such a high volume of real-world passwords to examine.”

Hello there! Do You Love Tech News? Then you might want to Subscribe to Our RSS feed or even Our Newsletter for Free updates on Tech News about Apple iPhone, Latest Laptop & Various Cool Gadgets. Also follow TheTechJournal on Twitter.

Some Other Pupolar News

Tags: Internet, password, security, social networking

You can leave a response, or trackback from your own site.

View Comments

Matthew Says:

Lol n00bs

Posted on January 26th, 2010 at 3:25 am
Arnita Alicuben Says:

Great article. There’s a lot of good data here, though I did want to let you know something – I am running Mac OS X with the current beta of Firefox, and the design of your blog is kind of quirky for me. I can understand the articles, but the navigation doesn’t work so good.

Posted on February 12th, 2010 at 1:09 am
Leandro Boxell Says:

Your blog is awesome! I found it on Yahoo searching for repairing my xbox and couldn?t resist reading it. You have some good tips here. Thanks for posting!

Posted on February 12th, 2010 at 4:48 am