Sunday, November 20, 2011

25 worst passwords of 2011 - interesting survey

Recently I have blogged about the safety measures that should be exercised when using the passwords. click this link for knowing more about it.


Today's post is a cousin sister of the same where found quite amused to read the 25 worst passwords by the internet users across the globe in 2011.


Here is the excerpt from the Washington Post and BitDefender:
+++++++++++++++++++++++++++++++++++++++++

“Password” ranks first on password management application provider SplashData’s annual list of worst internet passwords, which are ordered by how common they are. (“Passw0rd,” with a numeral zero, isn’t much smarter, ranking 18th on the list.)


The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.


As some websites have begun to require passwords to include both numbers and letters, it makes sense varied choices, such as “abc123? and “trustno1,” are popular choices.


SplashData created the rankings based on millions of stolen passwords posted online by hackers. Here is the complete list:


1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately.


“Hackers can easily break into many accounts just by repeatedly trying common passwords,” Slain says. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”


The company provided some tips for choosing secure passwords in a statement:


1. Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
2. Choose passwords of eight characters or more. Separate short words with spaces or underscores.
3. Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.





According to a week-long study conducted by Internet security company BitDefender, over 250,000 user names, email addresses, and passwords used for Twitter sites can easily be found online.


The study also revealed that 75 percent of Twitter username and password samples collected online were identical to those used for email accounts.


The sensitive user data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively.


BitDefender warned social media users to be careful when setting up passwords for Twitter platforms and email. The researchers managed to verify the leaked email accounts and found that 75 percent of users had one common password for Twitter and accessing their email. Additionally, the study revealed that 87 percent of email IDs, user names, and passwords gathered from various sources were still active.


Cybercriminals could easily use this sensitive user data to hijack email accounts and Twitter profiles and can further be used to spread spam and malware across those platforms.


BitDefender has advised users to be extra careful while creating passwords for Twitter and email accounts and avoid using the same password just for the sake of convenience. Considering the fact that online collaboration tools are not that adept in protecting sensitive user information, users have been told to be more careful the next time they decided to share their emails, user names and passwords with a third party website.


The study conducted by BitDefender follows the release of a torrent containing a list of 171 million Facebook users, complete with their names and Facebook URLs. The security researcher who released the list for download explained that he was able to extract the names and URLs of Facebook users from a directory offered by the website itself. Facebook has maintained that the directory only contains the information users have themselves chosen to make public and can also be found via search engines

+++++++++++++++++++++++++++++++++++++++++
While it surprises me on how any sane person could use "password" as their password, It incidentally reminded me of my nephew who always used the password as "Thalakani" ("pillow" in English for the tamil uninitiated!!) with no such special characters or letters or numbers. I am wondering how many expert hackers can crack such passwords??? :)