Stolen Hotmail Data Finds Simple Passwords

News
By
published

ABC, easy as 123...456789!

We've all seen the warnings about having secure passwords. Even upon account creation, many online services even include tips on how to make a secure password. It seems, though, that most users do not take heed.

IDG reports that security researcher Bogdan Calin analyzed the 10,000 stolen Windows Live Hotmail usernames and passwords that were leaked late last week and found that users are still using simple, common and downright stupid passwords.

Passwords that used simple number sequences such as 123456789 made up half of the top 10 most common passwords. The other half of the list is made up of names alejandra, alberto, and alejandro, which lead Calin to believe that the passwords were stolen by a phishing kit targeting Latinos.

Security sites recommend that passwords should contain a combination of letters, numbers and other characters. Calin found that just 6 percent of the Hotmail passwords met such standards of complexity, but more than 60 percent were either lower case letters only, or numbers.

Interestingly, the longest password Calin found was "lafaroleratropezoooooooooooooo".

The top 10 passwords were:

   1. 123456

   2. 123456789

   3. alejandra

   4. 111111

   5. alberto

   6. tequiero

   7. alejandro

   8. 12345678

   9. 1234567

  10. estrella

Marcus Yam
Marcus Yam
Marcus Yam served as Tom's Hardware News Director during 2008-2014. He entered tech media in the late 90s and fondly remembers the days when an overclocked Celeron 300A and Voodoo2 SLI comprised a gaming rig with the ultimate street cred.
30 Comments Comment from the forums
  • JasonAkkerman
    Whats up with all the Hispanic names?
    Reply
  • Boxa786
    PPL with passwords like that have no reason to complain about there account being stolen!
    Reply
  • tipoo
    CRAP! My bank pin number is the same as number one!
    Reply
  • samely
    JasonAkkermanWhats up with all the Hispanic names?"The other half of the list is made up of names alejandra, alberto, and alejandro, which lead Calin to believe that the passwords were stolen by a phishing kit targeting Latinos."
    Reply
  • buwish
    What happened to using a pet's name?
    Reply
  • Ethuus
    So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
    Reply
  • doomtomb
    "alenjendra"
    "alberto"
    "alejendro"
    "estrella"

    Hmmm I wonder what demographics we are working with here.....
    Reply
  • the_krasno
    buwishWhat happened to using a pet's name?
    The password ranking 11 is "Tamagotchi".
    Reply
  • Sushi Warrior
    What about "password" or "notpassword"?
    Reply
  • koga73
    A strong password is important! My passwords are 16 characters long using uppercase/lowercase/numbers. Its not prone to dictionary attack or brute-force (well, itd take a long time). And all of my passwords are different so if one is comprimised the rest arn't.
    Reply