Top 10 Most Common Passwords
Written by Administrator
Sunday, 13 December 2009 16:50
A commonly used password is 123456.
A recent analysis of approximately 10,000 stolen but then recovered Hotmail passwords showed that 70 people on this list had used the password 123456.
This is 0.65%. So not massively common then, albeit from a relatively small sample.
Also keep in mind the purpose of these passwords: to secure a free email account. Many people will not necessarily attach great value to this type of account and may well choose extreme convenience over security (in terms of choosing NOT to have a long, involved, complex password).
So really the most common password from this sample isn’t really that common.
More worrying perhaps is that nearly half of these passwords used lower-case letters only, with no numbers or other symbols. Now this is not necessarily a problem from a human point of view: a person could still spend an inordinate amount of time trying to 'guess' a password made up only of lower-case alphas.
But a system-based password guesser could swallow this easily. So as usual, it's a horses-for-courses trade-off. Easy-to-remember passwords (god, 123456, etc.) for low-value digital assets may not be a problem, just as a small padlock on a shed containing plastic plant pots could be good enough.
Protecting private email accounts with slightly more involved passwords or pass phrases may well be in order, but again, what is the value placed on the data? Is it really worth the 'pain' of attaching a hugely complex pass phrase of random characters and symbols?
Well, it is if your email is used for e-commerce and might include credit or debit card numbers or other information that can be used for identity fraud. Otherwise no (unless it's made easy by a password manager)!
Perhaps though, if you have confidential corporate information (e.g. personal details of customers covered by data protection acts) or home information (e.g. access to online banking), then particular attention should be paid to ensuring that password keys are un-guessable (by human or system).
Here is the list of (relatively) commonly used passwords:
- 123456
- qwerty
- First Name
- First Name + number (up to 99), e.g. “Joyce1”, “Joyce77”
- letmein (let me in)
- password
- password + number, e.g. “password1”
- Favourite movie, e.g. “diehard”
- 12345678
- abc123
85% of us use a password that is 6, 7 or 8 characters long.
Do you see yours above? Might not be so bad if you do!
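The human-versus-system trade-off and the list above, as an added example (not part of the original article): a Python check that flags a candidate password matching the listed patterns and reports how large a space an automated guesser has to cover. The function names are hypothetical, and the name and movie sets are constructed one-entry samples taken from the article's own illustrations.

```python
import math
import re
import string

# The fixed strings from the article's list of commonly used passwords.
COMMON = {"123456", "qwerty", "letmein", "password", "12345678", "abc123"}
# Constructed samples ("Joyce" and "diehard" are the article's illustrations);
# a real check would load its own first-name and film-title lists.
FIRST_NAMES = {"joyce"}
MOVIES = {"diehard"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(pw):
    """Size of the smallest character set a guesser must cover for pw."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))


def search_space_bits(pw):
    """log2(alphabet_size ** length): an upper bound on brute-force effort."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw):
    """Return the reasons a candidate matches the article's weak patterns."""
    reasons = []
    lowered = pw.lower()
    # Split off a trailing one- or two-digit number ("up to 99").
    m = re.fullmatch(r"(.*?)(\d{1,2})?", lowered, re.DOTALL)
    stem, number = m.group(1), m.group(2)
    if lowered in COMMON:
        reasons.append("on common list")
    elif stem == "password" and number:
        reasons.append("password + number")
    if stem in FIRST_NAMES:
        reasons.append("first name + number" if number else "first name")
    if lowered in MOVIES:
        reasons.append("favourite movie")
    if pw and all(c in string.ascii_lowercase for c in pw):
        reasons.append("lower-case letters only")
    # The article's 6 to 8 character range, plus anything shorter.
    if len(pw) <= 8:
        reasons.append("8 characters or fewer")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "Joyce77", "password1", "diehard", "aB3$efgh"):
        print(candidate, check_password(candidate),
              round(search_space_bits(candidate), 1), "bits")
```

A seven-letter lower-case password tops out at about 33 bits of search space, while eight characters drawn from all four classes reach about 52 bits, which is the gap between what a person can guess and what a system can enumerate.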
Last Updated on Wednesday, 21 July 2010 08:39