Blog

The Ten Worst Passwords On The Web

The ten worst passwords on the web, and why you really should read this article

You’re not fooling anyone with that “123456” password of yours. “Password” isn’t much better, and sorry ladies, but “princess” is also no good. These are among the findings in a report released by Imperva, a data security firm that analyzed 32 million passwords recently exposed in the Rockyou.com breach. Not only did they identify the most common, and thus easily-guessable passwords, but they also suggested some effective methods for creating secure ones.

Rockyou.com is a website where users can develop apps to use on social networking sites. Last December, a hacker gained access to all of Rockyou’s members’ usernames, email addresses and passwords (which had been stored in plain, unencrypted text) and posted the passwords to the Internet. Given that many people use the same username and password for all of their online dealings, such as banking, the results could have been disastrous. Fortunately, the perpetrator seemed to be mainly interested in exposing Rockyou’s insufficient security, as they didn’t post the usernames or emails.

Imperva analyzed the hacked data, and compiled their findings in the Consumer Password Worst Practices report. Of the 32 million passwords involved, the ten most common were:

  • 123456
  • 12345
  • 123456789
  • Password
  • iloveyou
  • princess
  • rockyou
  • 1234567
  • 12345678
  • abc123

    • It was found that almost half of the members used names, slang words, proper words, or trivial passwords such as consecutive digits, or adjacent keys on the keyboard.

    So, what sort of password SHOULD people be using?

    Imperva made the following recommendations:

  • It should contain at least eight characters (30% of users had passwords that were six letters or less)
  • It should contain a mix of four different types of characters (i.e: upper case, lower case, numbers, symbols)
  • It should not be a name, word, or contain any part of your name or email address

    • The report also suggests using a different password for every website, not sharing your passwords with third parties, and using the first letters of each word in a sentence as your password (For instance, “this little piggy went to market” would be “tlpWENT2m”).

    “The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism,” said Imperva CTO Amichai Shulman. “Never before has there been such a high volume of real-world passwords to examine.”

    Tags: , , ,

    This Post Has 3 Comments

    1. Matthew January 26, 2010

      Lol n00bs

    2. Arnita Alicuben February 12, 2010

      Great article. There’s a lot of good data here, though I did want to let you know something – I am running Mac OS X with the current beta of Firefox, and the design of your blog is kind of quirky for me. I can understand the articles, but the navigation doesn’t work so good.

    3. Leandro Boxell February 12, 2010

      Your blog is awesome! I found it on Yahoo searching for repairing my xbox and couldn?t resist reading it. You have some good tips here. Thanks for posting!

    Leave a Reply