And "password" was the leader of them all, in use by 4.7 percent of user accounts.

Considering how easily those lists are obtained and turned into fodder for even the most simple password cracking schemes, choosing a simple password is like leaving your house's door unlocked. Think your password is a special snowflake, unique in the world? Burnett did an analysis of 6 million username and password combinations last year, and found that 91 percent of users had used one of the 1,000 most common passwords, with 99.8 percent using a password from the 10,000 most common. SplashData's findings are pretty consistent with those of security consultant Mark Burnett, the author of the book Perfect Passwords.

Here's the full list of the top 25 most common passwords for 2012: An analysis of millions of stolen login credentials posted by hackers discovered that for the third year in a row, "password" was the most commonly used password, with "123456" and "12345678" still steady in the #2 and #3 positions. This past week, password management tool developer SplashData published the results of what has become an annual ritual: the quest for the "scariest" passwords.

The most common was "123456," followed closely by "ieee2012" and the ever-popular "12345678." And when hackers cracked the personal email account of the notoriously security-conscious Syrian president Bashar Hafez al-Assad, what did his password turn out to be? It was "12345." Breach after breach, security analysts find that many users have used passwords that are vulnerable to even the most casual attempts at breaking: passwords like "password." For example, an analysis of IEEE's log files found that of the 100,000 users' accounts that were exposed on, about 18,000 used passwords that would have been easy prey for hacking. Still, it doesn't help the cause very much when users pick passwords that are just begging to be exposed, not through high-horsepower cracking tools, but by flat-out guessing.
Even when they're encrypted, those password files can easily be cracked (as Dan Goodin reported) with a variety of readily available "password recovery" tools, and thanks to software that uses the power of beefier graphics processor units and vast lists of previously cracked passwords, it's getting increasingly easy. Websites' poor security often leaves them vulnerable to the bulk theft of password files, or, as in the case of the exposure at the Institute of Electrical and Electronics Engineers, sometimes passwords are just sitting there on servers unencrypted and waiting to be downloaded. But on the Internet, it's already been established that nearly any password is vulnerable to cracking, no matter how elaborate.

I've railed in the past against the risks created, ironically, by companies having password policies that are too aggressive. And it isn't just the non-technical masses that are leaving themselves vulnerable. Despite the many, many cautionary tales we hear every day of e-mail, social media, and other Internet accounts being compromised, some people still haven't heeded the warnings about using easily guessed passwords.

* Generate Password Recovery report in HTML/XML/Text/CSV file format.
* Sort feature to arrange the displayed password list by username, password or website, which makes it easy to search through 100s of entries.