Posted on 01/21/2014 12:59:32 PM PST by nickcarraway
"123456” is finally getting some time in the spotlight as the world's worst password, after spending years in the shadow of “password.”
Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that “123456” moved into the number one slot in 2013. Previously, “password” had dominated the rankings.
The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had “123456” on top, followed by “123456789” and “password.” The magnitude of the breach had a major impact on Splashdata's results, explaining why “photoshop” and “adobe123” worked their way onto this year's list.
Fans of “password” could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don't be surprised if “password” regains the throne in 2014.
Weaker passwords are more susceptible to brute-force attacks, where hackers attempt to access accounts through rapid guessing. And when encrypted passwords are stolen, weaker ones are the first to fall to increasingly sophisticated cracking software.
(Excerpt) Read more at pcworld.com ...
I noticed 4Obama is not on the list.
According to the Verizon study of data breaches 78% of all breaches (in their study) involved weak or stolen passwords.
Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that “123456” moved into the number one slot in 2013. Previously, “password” had dominated the rankings.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And just how does Security firm Splashdata know this? I’m guessing much the same way that Google, the NSA, and hundereds of other companies and agencies know everything there is to know.
They spy and hack.
They demand facebook, google, youtube, yahoo, gmail, ebay, and FR passwords as condition of employment.
I would use a really hard password for everything if the stupid sites wouldn’t make me jump through so many password rule hoops!
The very fact that they make me meet so many rules when creating a password makes me keep it simple so that I can remember it later.
I suggest, since the day of “the eight character password” has come and gone:
“get FukushimaD followed by (anna +1), (anna +2), (anna +3),
since all those password idiots want a lower case AND an upper case AND a special character.”
The plus one, plus two, etc, would be to wherever you visit the most, for your memory jog, i.e.:
who’s first,
what’s second,
i think you know is third (gotcha),
and so on.
6 X’s is also used a lot XXXXXX or “QWERTY” or for PIN numbers, quite a lot of people go across the number board like 9887 or 6544 or 1223 or 0852 simply because it’s easier to remember.
I did have a user once who used a set number of underscore characters because they blend together and looking at them you can't tell how many there are. Then he'd just post a numeral on his bulletin board. "6" meant six underscores. It was terribly insecure but it drove the HellDesk guys nuts.
Then there was a guy whose password was I'mAHacker. That's actually pretty good, except if you type it into the login name field instead of the password field it shows up in the event logs in plaintext. The security manager was not amused.
Then you got the guy - this is a world-class researcher, mind you - who passed his login name and password to a spammer through a bit of phishing spam. Hey, it happens, and we cut off his access and helped him change his password. So two weeks later his account starts spamming the world again. "You didn't fall for it again?" we asked him. "Heck no. I just couldn't remember the new password, so I changed it back to the old one." Some folks, they just need a-killin'...
Requiring complex passwords is self defeating as many users will post-it on their screen.
But FUBO's gotta be somewhere near the top, right?
But, as far as I know, no one has broken the Beale Cyphers!
http://en.wikipedia.org/wiki/Beale_ciphers
yep
bosco
My password is “LIFELOCK”
WHOOPS!
The MOST annoying thing they do WHICH DRIVES ME CRAZY!, is when they make you CHANGE your password! WTF!!! LEAVE ME ALONE! and they KEEP your old password on file! and wont let you switch back and use that old one!
WTF! so basically I am forced to keep all my complex ever changing passwords written down where they are 1000000000000 times more likely to be stolen!
So, if 100% of all breaches fall into the category stolen, the above statement would still be true.
I'm just about convinced that the whole field of IT Security is one huge uneducated, mentally retarded, innumerate, corrupt bunch of liars.
Smart passwords or dumb passwords -- neither matters with a security lockout after three, or five, failed attempts.
I've never seen any story outside of the movies where a system was hacked by some password algorithm.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.