
Your Top 20 Most Common Passwords

Source: Tom's Hardware US

Is your password "123456"?

Last year, a major security breach at RockYou.com resulted in the release of 32 million passwords. With such a large data set available, security firm Imperva's Application Defense Center (ADC) analyzed the passwords and found that, when given the chance, most users will choose a simplistic password.

Imperva found that nearly a third of users chose passwords of six characters or fewer, and almost 60 percent of users chose their passwords from a limited set of alphanumeric characters. Almost half of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on), with the most common password being "123456".
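The weakness categories Imperva describes can be checked mechanically at the moment a user picks a password. The following is an added example, not code from Imperva's report or from this article; the short common-password list is constructed from passwords named on this page, and the US-QWERTY rows and the "half or more of the password" threshold are assumptions.

```python
import string

# Constructed sample list (passwords named on this page); a real deployment
# would load a full breached-password corpus instead.
COMMON = {"123456", "12345", "qwerty", "iloveyou", "rockyou", "nicole"}
# Digit order, alphabet, and US-QWERTY keyboard rows (assumed layout).
SEQUENCES = ("0123456789", "1234567890", string.ascii_lowercase,
             "qwertyuiop", "asdfghjkl", "zxcvbnm")


def char_classes(pw):
    """Count how many of lower/upper/digit/symbol classes appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)


def longest_run(pw, sequences=SEQUENCES):
    """Longest stretch of pw that walks a sequence forwards or backwards."""
    pw = pw.lower()
    best = 1 if pw else 0
    for seq in sequences:
        for s in (seq, seq[::-1]):
            run = 1
            for a, b in zip(pw, pw[1:]):
                i = s.find(a)
                run = run + 1 if i != -1 and s[i + 1:i + 2] == b else 1
                best = max(best, run)
    return best


def audit(pw):
    """Return the weakness categories that apply to a candidate password."""
    findings = []
    if len(pw) <= 6:
        findings.append("short")          # six characters or fewer
    if char_classes(pw) <= 1:
        findings.append("single-class")   # e.g. digits only, lowercase only
    if pw.lower() in COMMON:
        findings.append("common")
    run = longest_run(pw)
    if run >= 4 and run * 2 >= len(pw):   # a walk making up half or more
        findings.append("sequence")
    return findings


if __name__ == "__main__":
    for candidate in ("123456", "Nicole", "qwerty1", "tlpWENT2m"):
        print(f"{candidate!r}: {audit(candidate) or 'no findings'}")
```

A registration form can reject any candidate for which `audit` returns a non-empty list and tell the user which category applied.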

Here are the top 20 most popular passwords from the RockYou.com leak.

Imperva notes that even though hacking techniques have become better, users of today are no wiser than those 20 years ago. The company's report says that a study of Unix password security in 1990 and hacked Hotmail passwords from 10 years ago showed little change.

So how can everyone get better? Imperva recommends the following:

1. Choose a strong password for sites where you care about the privacy of the information you store. Bruce Schneier's advice is useful: "take a sentence and turn it into a password. Something like 'This little piggy went to market' might become 'tlpWENT2m'. That nine-character password won't be in anyone's dictionary."

2. Use a different password for all sites – even for the ones where privacy isn’t an issue. To help remember the passwords, again, following Bruce Schneier’s advice is recommended: “If you can't remember your passwords, write them down and put the paper in your wallet. But just write the sentence – or better yet – a hint that will help you remember your sentence.”

3. Never trust a 3rd party with your important passwords (webmail, banking, medical etc.)

Read the full report from Imperva here.

Who is changing his or her password today?


Comments
deadlockedworld 01/22/2010 11:42 PM
-20+

So there are a lot of dumb Nicoles? hahaha.

the_krasno 01/22/2010 11:52 PM
-10+

Natural selection I say. People smart enough to have good passwords are less likely to get hacked- they are not worth the effort as it would be easier to hack someone dumber.

flyinfinni 01/22/2010 11:54 PM
-3+

Wow.... that is pretty pathetic. Do people not realize that getting hacked into sucks?

iboomer 01/22/2010 11:59 PM
--2+

Stupid Sheep. Alpha numeric, upper and lower case.

I have to suffer through phone calls from people who want my personal information every day, just so I can conduct my business. This is because of people who steal identities from the idiot sheep who can't be troubled to remember not to use little Suzy's name as the password on your bank account.

You get what you deserve, and I have to pay for it. Wasted time on the phone giving information, and wasted money on the taxes I pay because of the laws that get passed, because you idiots can't come up with a more secure password.

Lazy stupid idiot sheep.

haunted one 01/23/2010 12:03 PM
TheDuke 01/23/2010 12:15 PM
-2+

these people are idiotic

Kaileb 01/23/2010 12:21 PM
-0+

Wow.....

anonymouse 01/23/2010 12:22 PM
-4+

Quote: 3. Never trust a 3rd party with your important passwords (webmail, banking, medical etc.)


I just used ninite to install apps after installing win7 last night. One of the apps to choose from was KeyPass. Would that be considered a "3rd party" I'm not supposed to trust or just a tool to store passwords that is better than a list in a wallet?

martinhersey 01/23/2010 12:22 PM
-0+

These passwords are all too easy...

saint19 01/23/2010 12:24 PM
--2+

I think the numbers are 'cause they are fast to access on the keyboard. But also some people are a little idiotic; all the accounts have recommendations for the password, and if they don't read them, it is their fault.

anonymouse 01/23/2010 12:26 PM
-0+

Fail. I meant KeePass.

skine 01/23/2010 12:29 PM
-20+

Roland: One.
Dark Helmet: One.
Colonel Sandurz: One.
Roland: Two.
Dark Helmet: Two.
Colonel Sandurz: Two.
Roland: Three.
Dark Helmet: Three.
Colonel Sandurz: Three.
Roland: Four.
Dark Helmet: Four.
Colonel Sandurz: Four.
Roland: Five.
Dark Helmet: Five.
Colonel Sandurz: Five.
Dark Helmet: So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!

----------------------------

President Skroob: Did it work? Where's the king?
Dark Helmet: It worked, sir. We have the combination.
President Skroob: Great. Now we can take every last breath of fresh air from Planet Druidia. What's the combination?
Colonel Sandurz: 1-2-3-4-5
President Skroob: 1-2-3-4-5?
Colonel Sandurz: Yes!
President Skroob: That's amazing. I've got the same combination on my luggage.
Dark Helmet, Colonel Sandurz: [looks at each other]

djackson_dba 01/23/2010 12:40 PM
-9+

haunted one :
123456 and qwerty? I'm not surprised that 1/5th of Americans can't pinpoint the US on a world map.



That is actually not a fact. Please do not put all Americans in the same pot as this teen beauty pageant participant. While I find it sad that the numbers were not 100%, they certainly were not what you are stating.

"Miss South Carolina Teen USA was asked recently why one in five Americans can't find the United States on a map. Unfortunately, that statistic is entirely inaccurate. According to the recent National Geographic-Roper Public Affairs 2006 Geographic Literacy Study, “Nearly all (94%) young Americans can find the United States on the world map, and Canada (92%) and Mexico (88%) are nearly as familiar.” The judges of Miss Teen USA should have gotten their facts straight! Only three in fifty Americans can't find the U.S. on a world map."

tenor77 01/23/2010 1:10 AM
-2+

I love having to change my password at work every 90 days. It's awesome. And I can't reuse them either! I have about 20 different passwords I have to remember as a result.

And those passwords are pathetic.

Hellbound 01/23/2010 1:11 AM
-12+

Because of this, I had to change my password.....................

ColMirage 01/23/2010 1:21 AM
-11+

Hellbound :
Because of this, I had to change my password.....................



lol

Gin Fushicho 01/23/2010 1:28 AM
--2+

WOW! There are WAY more stupid people than I thought. My password's 14 characters long with a mix of upper and lower and a couple of numerals.

welshmousepk 01/23/2010 1:29 AM
-1+

@skine, SPACEBALLS FTW!

aford10 01/23/2010 1:32 AM
-1+

I can honestly say, I've never used any of them.

loomis86 01/23/2010 1:39 AM
-8+

Oh all you people are SOOO smart. Did you ever think that maybe there are lots of passwords for things that people don't really need or want a password for? And for these things (especially if there are several people using the same account) people intentionally invent really dumb passwords?

IzzyCraft 01/23/2010 2:06 AM
-1+

Iloveyou too computer

On a side note, I wouldn't think rockyou would be so high; seems rather odd imo

shadow187 01/23/2010 2:10 AM
cewhidx 01/23/2010 2:21 AM
jtt283 01/23/2010 2:37 AM
--1+

I usually use an 8-character mixed password that was randomly generated by an automated system; different ones for different things, or at least different types of things.

singleman 01/23/2010 2:40 AM
-9+

w@1TFacebook, w@1tHotmail, w@1tBankOfAmerica, w@1tTomsHardware

F@c3, W@1t, P0op, Bo08$, F@r7, P1@n0... Think of 4-5 letter words that have letters like I,L,A,E,S,T,G in it. After you have a good word you just add a suffix like "Facebook" or "Google" or "Gmail". This will ensure that you have a different password for all of your accounts that is easily guessable by you. If you adopt this model, the only folks you need to fear are the people who you are foolish enough to give your password to. If you have a password like this, your password won't be cracked with a dictionary attack; a much slower brute force will be needed to crack the password.

My laptop runs at 1.6GHz and I have been able to test as many as 250,000 passwords per second on a Zip file. That means that the #1 passwd of 123456 would be cracked in less than one second.

An 8-character password with upper (26), lower (26), number (10), and special characters (10) should take about 80 years on my pansy laptop.

Take care of yourself.

claudeb 01/23/2010 2:43 AM
-7+

IBOOMER :
Stupid Sheep. Alpha numeric, upper and lower case. I have to suffer through phone calls from people who want my personal information every day, just so I can conduct my business. This is because of people who steal identities from the idiot sheep who can't be troubled to remember not to use little Suzy's name as the password on your bank account. You get what you deserve, and I have to pay for it. Wasted time on the phone giving information, and wasted money on the taxes I pay because of the laws that get passed, because you idiots can't come up with a more secure password. Lazy stupid idiot sheep.



Yea, blame the victims. Classy.

mindless728 01/23/2010 2:58 AM
-0+

To be secure you need a password that is not a word (including symbol replacement), has lower and upper case, numbers, and symbols (@, #, $ ...), and is 10 or more characters.

tmike 01/23/2010 2:59 AM
-2+

shadow187 :
My password for a lot of things is pneulmolnoultramiscroscopicsilicovocanicaniosisi.Am I good password-er?



Exceptionally good, given that you misspelled it.

drowned 01/23/2010 3:04 AM
-0+

You don't need a paranoid 30 random character password to be safe. 8 letters and a number or two make it practically impossible to brute force in a reasonable amount of time over the internet. Just try recovering a RAR password with more than 6 characters and it takes days to brute force with 100% CPU usage.

mindless728 01/23/2010 3:10 AM
-0+

@drowned, don't forget that this could be done massively parallel on a GPU; then instead of testing 4/8 passwords at a time you could do hundreds.

4ILY45 01/23/2010 3:17 AM
-3+

A GPU-accelerated password cracking software would crack these in less than a second. Be warned..

