Stolen Hotmail Data Finds Simple Passwords

8:40 PM - October 7, 2009 by Marcus Yam

ABC, easy as 123...456789!

We've all seen the warnings about having secure passwords. Even at account creation, many online services include tips on how to make a secure password. It seems, though, that most users do not take heed.

IDG reports that security researcher Bogdan Calin analyzed the 10,000 stolen Windows Live Hotmail usernames and passwords that were leaked late last week and found that users are still using simple, common and downright stupid passwords.

Passwords that used simple number sequences such as 123456789 made up half of the top 10 most common passwords. The other half of the list is made up of the names alejandra, alberto, and alejandro, which led Calin to believe that the passwords were stolen by a phishing kit targeting Latinos.

Security sites recommend that passwords should contain a combination of letters, numbers and other characters. Calin found that just 6 percent of the Hotmail passwords met such standards of complexity, but more than 60 percent were either lower case letters only, or numbers.

Interestingly, the longest password Calin found was "lafaroleratropezoooooooooooooo".

The top 10 passwords were:

   1. 123456
   2. 123456789
   3. alejandra
   4. 111111
   5. alberto
   6. tequiero
   7. alejandro
   8. 12345678
   9. 1234567
  10. estrella

Source : Tom's Hardware US
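
The composition breakdown and top-10 list reported above can be reproduced on any password set and turned into a check at password-set time. This is an added example, not code from Calin's analysis or from the article; the sample passwords are constructed, and the 12-character minimum is an assumption.

```python
from collections import Counter

# The ten most common passwords listed in the article, used as a deny-list.
TOP10 = {"123456", "123456789", "alejandra", "111111", "alberto",
         "tequiero", "alejandro", "12345678", "1234567", "estrella"}

# Constructed sample for illustration only (not data from the leak).
SAMPLE = ["123456", "123456", "123456", "alejandra", "alejandra",
          "tequiero", "111111", "estrella", "maria1985", "Luna_2009!"]

def classify(pw: str) -> str:
    """Bucket a password by composition, using the article's categories."""
    if pw.isdigit():
        return "digits-only"
    if pw.isalpha() and pw.islower():
        return "lowercase-only"
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_letter and has_digit and has_other:
        return "complex"  # letters + numbers + other characters
    return "other"

def audit(passwords):
    """Return the two most common passwords and the percentage per bucket."""
    total = len(passwords)
    buckets = Counter(classify(p) for p in passwords)
    shares = {name: round(100 * n / total, 1) for name, n in buckets.items()}
    return Counter(passwords).most_common(2), shares

def acceptable(pw: str, min_length: int = 12):
    """Check a candidate password: deny-list first, then length.

    min_length=12 is an assumed policy value, not taken from the article.
    """
    if pw.lower() in TOP10:
        return False, "on common-password list"
    if len(pw) < min_length:
        return False, "too short"
    return True, "ok"

if __name__ == "__main__":
    top, shares = audit(SAMPLE)
    print("most common:", top)
    print("composition %:", shares)
    for candidate in ("Alejandra", "Luna_2009!", "correct horse battery"):
        print(candidate, "->", acceptable(candidate))
```
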

JasonAkkerman 10/07/2009 11:45 PM
-13+

What's up with all the Hispanic names?

Boxa786 10/07/2009 11:49 PM
-7+

PPL with passwords like that have no reason to complain about their account being stolen!

tipoo 10/07/2009 11:52 PM
-2+

CRAP! My bank pin number is the same as number one!

samely 10/07/2009 11:56 PM
-5+

JasonAkkerman :
What's up with all the Hispanic names?


"The other half of the list is made up of names alejandra, alberto, and alejandro, which led Calin to believe that the passwords were stolen by a phishing kit targeting Latinos."

buwish 10/07/2009 11:57 PM
-2+

What happened to using a pet's name?

Ethuus 10/08/2009 12:10 PM
-13+

So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

doomtomb 10/08/2009 12:11 PM
-3+

"alenjendra"
"alberto"
"alejendro"
"estrella"

Hmmm I wonder what demographics we are working with here.....

the_krasno 10/08/2009 12:14 PM
-6+

buwish :
What happened to using a pet's name?



The password ranking 11 is "Tamagotchi".

Sushi Warrior 10/08/2009 12:44 PM
-11+

What about "password" or "notpassword"?

koga73 10/08/2009 1:17 AM
Show
Platypus 10/08/2009 1:27 AM
-10+

koga73 :
A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. It's not prone to dictionary attack or brute-force (well, it'd take a long time). And all of my passwords are different so if one is compromised the rest aren't.

Want a cookie for remembering them all? (Pun intended)

thatcrazyguy 10/08/2009 1:39 AM
-2+

JasonAkkerman :
What's up with all the Hispanic names?


Well the researcher suggests that this phishing scam targeted Hispanics. Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.

Anonymous 10/08/2009 1:41 AM
--3+

I am able to create and manage strong unique passwords because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.

randomizer 10/08/2009 2:24 AM
-15+

TheresaC :
I am able to create and manage strong unique passwords because I use a good password manager (it's web-based), Mitto (http://mitto.com). It's free, secure, and easy to use.


Wait... you give all of your passwords to one website?

ProDigit80 10/08/2009 4:59 AM
-0+

No one chose 'Hotmail' as password?

mi1400 10/08/2009 5:35 AM
-1+

It also reveals that all of the stolen passwords were stolen from a Mexican ISP.

Athreex 10/08/2009 5:38 AM
-0+

randomizer :
Wait... you give all of your passwords to one website?



haha !!

He/She will tell you (oh yeah, they have security/encryption and they don't see anything and agreements, blah, blah, blah). In the end, yeah, you're giving your password to some password management service.

Still, the article is true (Puerto Rican here). I know a lot of people that have simple passwords. I've taught my family to combine several characters with numbers in the moment of creating passwords. On the other hand, phishing kits like this are obviously targeted at non-tech-savvy folks.

Anonymous 10/08/2009 5:52 AM
-1+


Ethuus 10/08/2009 12:10 PM

So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!



Space Balls!!!!

Anonymous 10/08/2009 6:16 AM
-0+

Hey, that's the same password I have on my luggage!

Duncan_Idah0 10/08/2009 8:26 AM
-0+

Taking into account that it has been stated that most of the compromised email accounts were from Europe and that they were obtained with a phishing attack, I think it is quite obvious that it was a phishing attack in Spanish targeted at Spaniards... I mean not much sense sending an email in Spanish pretending to be from Hotmail staff to a Brit or a Dutch.

anamaniac 10/08/2009 8:26 AM
-0+

Ha!

Too bad I know 1234 and 0000 to be many people's pin numbers...

How about sex and god? Or anything containing them?

DominionSeraph 10/08/2009 12:12 PM
-0+

The simplicity of hotmail passwords alone says nothing. I have 3 hotmail accounts that all use 123456: Two I use as spam drops, and one is for screwing with scammers.

And now, with Freetoeveryone@live.com, I have four.
Oh noes! My security!

Robotica 10/08/2009 1:46 PM
-3+

"Somebody change the combination on my luggage!"

andyviant 10/08/2009 3:52 PM
-0+

thatcrazyguy :
Although I am still trying to figure out how and why a phisher would target a specific group of people rather than as many people as possible.



Check out this page: http://www.internetworldstats.com/stats2.htm

Shows that internet usage among Central and South American countries has skyrocketed ~900% since 2000. That means (assuming the majority of those people speak Spanish) that there are a number of users in this demographic who are new to this and are likely to fall for phishing scams that more experienced users (I'll give some of us credit) would not be fooled by.

And a more simple answer to your question: the phisher spoke Spanish -- not English. Since phishing scams rely on convincing language use, even if he knows a bit of English it may not be enough to make you think he's Google/Microsoft doing a password reset.

DiscoDuck 10/08/2009 4:26 PM
-0+

My son has a gmail account with the name sendmespamhere or to that effect that he gives out to online requests and only checks it when he needs the redirect for security.

ssalim 10/08/2009 5:18 PM
-0+

Brings back memory of "Space ball" movie.

tayb 10/08/2009 6:59 PM
-0+

How could a hacker target a demographic? You don't have to select and as far as I can tell aren't even given an OPTION to choose your ethnicity or race. From what I read the hackers only got the first two letters of the alphabet which, from my personal experience taking attendance in college courses, Hispanic first and last names start with the letter A much more often than do American first and last names. Sounds more like a coincidence than it does a racially driven hotmail attack.

nachowarrior 10/08/2009 8:02 PM
-0+

well... that just goes to show how stupid people are. It's just as easy to remember a phrase and use that as your password... EG: My Balls Itch Every Sunday Morning Until I Put Syrup On My Cereal. equates to MBIESMUIPSOMC as a password... effed up and long. Throw some numbers in there, and you can e\/en make it rhyme for a mnemonic de\/ice... just don't use alliteration... hahaha.

nachowarrior 10/08/2009 8:03 PM
-0+

Oh, and I'm surprised to not see 8675309 in there...

rooket 10/08/2009 9:33 PM
-0+

I used to use a password that was all numbers like 60626466. I dunno if that is easy to figure out or not but it was easy to remember. That site is long gone now.

Hmm, maybe people use simple passwords because there isn't anything important in their email account. You know some of these younger people only email friends with it and there's like no bank account and stuff attached so really nothing to worry about.

Also, this type of article makes it exceedingly simple to search for the password list on the web. I found it one day and made sure my name wasn't in there. I think the site hosting it is kind of lame for not keeping an eye on things. I mean an admin should be able to do a quick search every now and then and delete those. Just shows how secure things are in the real world on sites like that.
