Social networking site breach exposes most popularly used passwords
Friday 22 January 2010
An analysis of more than 32 million exposed passwords revealed "123456" as the most commonly used security code when logging into online accounts.
Rockyou.com, a company that provides social networking services and customized widgets, suffered a data breach in December 2009.
The breach included millions of people's email addresses and passwords for Rockyou.com (and in many cases passwords and login details for associated social networking sites). The hacker responsible for the attack subsequently posted the full list of passwords on the internet.
The compromised password and login data was examined by US-based security company, Imperva Application Defense Center (ADC).
The ease and scale of this security breach should read as a warning to everyone logging onto web-based social networks, email accounts or online ecommerce sites - especially those who use the same passwords for multiple accounts.
Pairing short, uncomplicated and easy-to-guess passwords with identical login credentials for multiple sites can put you at serious risk of identity theft and can easily result in your accounts being compromised by prying eyes.
"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second, or 1000 accounts every 17 minutes," explained Imperva's CTO Amichai Shulman in a January 21 report announcement.
"The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."
Surprisingly, the analysis of the Rockyou.com data confirms that consumer password habits have changed very little over the past two decades. Almost 50 percent of users opt for passwords that are names and easily understood words or use trivial passwords such as consecutive digits and adjacent keyboard keys.
A full analysis of the 32 million Rockyou.com passwords shows the most commonly used passwords are:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
To keep your accounts safe, NASA recommends adhering to the following steps when creating a password:
1. It should contain at least eight characters.
2. It should contain a mix of four different types of characters - upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;" If there is only one letter or special character, it should not be either the first or last character in the password.
3. It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address.
4. Choose a strong password for sites where you care about the privacy of the information you store. Bruce Schneier's advice is useful: "take a sentence and turn it into a password. Something like "This little piggy went to market" might become "tlpWENT2m." That nine-character password won't be in anyone's dictionary."
5. Use a different password for all sites - even for the ones where privacy isn't an issue. To help remember the passwords, again, following Bruce Schneier's advice is recommended: "If you can't remember your passwords, write them down and put the paper in your wallet. But just write the sentence - or better yet - a hint that will help you remember your sentence."
6. Never trust a third party with your important passwords (webmail, banking, medical etc.)
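Rules 1 to 3 above are mechanical enough to check in code. The following Python sketch is an added example, not code from NASA, Imperva or the original article; the word list is a small constructed stand-in for a real dictionary, and treating name or e-mail fragments of three or more characters as "any part" is one interpretation of rule 3.

```python
import re
import string

# The ten most common RockYou passwords, as listed in the article.
TOP_TEN = ["123456", "12345", "123456789", "Password", "iloveyou",
           "princess", "rockyou", "1234567", "12345678", "abc123"]

# Constructed stand-in for a real dictionary/name/slang list (assumption).
SAMPLE_WORDS = {"password", "princess", "iloveyou", "rockyou", "monkey"}


def check_password(pw, name="", email="", words=SAMPLE_WORDS):
    """Return the list of rules 1-3 that pw breaks; an empty list means it passes."""
    failures = []
    if len(pw) < 8:
        failures.append("rule 1: fewer than eight characters")

    # Rule 2: all four character types must be present.
    present = {
        "upper": any(c.isupper() for c in pw),
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    missing = [kind for kind, ok in present.items() if not ok]
    if missing:
        failures.append("rule 2: missing " + ", ".join(missing))

    # Rule 2, second sentence: a lone letter or lone special must be interior.
    groups = {"letter": [c for c in pw if c.isalpha()],
              "special character": [c for c in pw if c in string.punctuation]}
    for label, chars in groups.items():
        if len(chars) == 1 and chars[0] in (pw[0], pw[-1]):
            failures.append(f"rule 2: only {label} is first or last")

    # Rule 3: not a listed word, and no part of the name or e-mail local part.
    lowered = pw.lower()
    if lowered in words:
        failures.append("rule 3: dictionary word, name or slang")
    local_part = email.split("@")[0]
    parts = re.split(r"[^a-z0-9]+", f"{name} {local_part}".lower())
    if any(len(p) >= 3 and p in lowered for p in parts):
        failures.append("rule 3: contains part of name or e-mail address")
    return failures


if __name__ == "__main__":
    for candidate in TOP_TEN + ["tlpWENT2m", "tlp!WENT2m"]:
        print(f"{candidate!r}: {check_password(candidate) or 'passes'}")
```

Run against the page's own examples, all ten listed passwords fail at least one rule, and the sample password in step 4, "tlpWENT2m", fails rule 2 because it contains no special character.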
The information formed part of Imperva's Consumer Password Worst Practices report.