
Imperva, the first company to announce last month’s hack of social networking applications developer RockYou, has completed an analysis of the more than 32 million passwords that were exposed. Imperva found that the top five passwords used were 123456, 12345, 123456789, password, and iloveyou. Yikes. Looks like some people need to review Reputation.com CEO Michael Fertik’s tips for picking a strong password.
In an article for Computerworld, Jaikumar Vijayan further explores Imperva’s findings.
According to Imperva, about 30% of the passwords in the hacked list were six characters or smaller, while 60% were passwords created from a limited set of alphanumeric characters. Nearly 50% of the users had used easily guessable names, common slang words, adjacent keyboard keys and consecutive digits as their passwords.
[...]
Many of the top 5,000 passwords in the list were identical to those found in password dictionaries, which are used by hackers to brute-force their way into accounts, said Amichai Shulman, chief technology officer at Imperva. On average, a malicious attacker using such a password dictionary would have been able to break into a RockYou account at the rate of roughly one every second using an automated password-guessing tool, he said.
While RockYou is to blame for keeping their users’ password information woefully underprotected, Imperva’s data would suggest that the users themselves don’t seem to care much about privacy. Implementing strong passwords on all of your Internet accounts is a major component of protecting your identity on the web. As a society, we live too much of our lives online to be irresponsible about our data privacy. If you have weak passwords, change them now, before it’s too late.
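A sign-up-time screen for the weakness classes Imperva reported, as an added example that is not code from Imperva, Computerworld or this post. The function names, the four-character run threshold and the reading of "limited set of alphanumeric characters" as ASCII letters and digits only are assumptions; the names-and-slang class is left out because it needs a word list.

```python
# Added example: flag passwords that fall into the weakness classes the
# article lists. Thresholds and names are assumptions, not Imperva's.
TOP_FIVE = {"123456", "12345", "123456789", "password", "iloveyou"}  # from the article
DIGIT_ROW = ("0123456789",)
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # US QWERTY rows
MAX_SHORT_LEN = 6  # "six characters or smaller"
MIN_RUN = 4        # assumed: shortest sequence worth flagging


def longest_run(password: str, rows) -> int:
    """Longest stretch of characters that step one position, in a constant
    direction, along a single row (e.g. 3456, ytrewq)."""
    pos = {ch: (r, i) for r, row in enumerate(rows) for i, ch in enumerate(row)}
    best = run = step = 0
    prev = None
    for ch in password.lower():
        cur = pos.get(ch)
        if cur is None:
            run, step = 0, 0
        elif prev and cur[0] == prev[0] and abs(cur[1] - prev[1]) == 1:
            delta = cur[1] - prev[1]
            run = run + 1 if delta == step else 2
            step = delta
        else:
            run, step = 1, 0
        prev = cur
        best = max(best, run)
    return best


def weakness_reasons(password: str) -> list[str]:
    """Return the weakness classes a candidate password matches (empty = none)."""
    reasons = []
    if password.lower() in TOP_FIVE:
        reasons.append("top-five")
    if len(password) <= MAX_SHORT_LEN:
        reasons.append("short")
    if password.isascii() and password.isalnum():
        reasons.append("limited-charset")
    if longest_run(password, DIGIT_ROW) >= MIN_RUN:
        reasons.append("consecutive-digits")
    if longest_run(password, KEY_ROWS) >= MIN_RUN:
        reasons.append("adjacent-keys")
    return reasons


if __name__ == "__main__":
    # Constructed samples, plus two of the top passwords named in the article.
    for candidate in ("123456", "iloveyou", "Qwerty2010", "correct-Horse7Battery!"):
        print(f"{candidate!r}: {weakness_reasons(candidate) or 'no listed weakness'}")
```

A check like this belongs at password creation or change, where a flagged candidate can be rejected with the reason shown to the user.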
1 comment so far
This really isn’t surprising. We’d all be amazed how much this wouldn’t happen if people took the extra .5 seconds to add a number or two to the end of their password. Leave the door open and people will come in.