Protect Yourself with Secure Passwords

Most Common Passwords used on RockYou:

1. 123456
2. 12345
3. 123456789
4. password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
11. nicole
12. daniel
13. babygirl
14. monkey
15. jessica
16. lovely
17. michael
18. ashley
19. 654321
20. qwerty
21. iloveu
22. michelle
23. 111111
24. 0
25. tigger
26. password1
27. sunshine
28. chocolate
29. anthony
30. angel
31. FRIENDS
32. soccer

Source: Imperva

RockYou has been criticized in the past for having poor privacy practices. An unknown hacker managed to get in and steal millions of user accounts and passwords, and then posted them on the Internet publicly (This goes to show you that website security is extremely important, especially if you allow your visitors and clients to access your site). Imperva, a company that develops software for preventing hackers and has been running studies like this for over a decade, took the list and put together the top 32 most used passwords. Imperva states that the data set from RockYou is pretty similar to the rest of the Internet.

123456

If anyone remembers that infamous scene in the film 'Space Balls' where Mel Brooks recites the password (12345) that gives him access to an entire planet, he shrugs off the fact that it's also the same password as his luggage. The joke isn't very far off, since the study shows that '123456' represents 1% of passwords used. Of course, right up there on the list is '12345,' the creative adaptation '654321,' and of course the nefarious 'password.' In fact, 20% of the 32 million people used a tiny pool consisting of 5,000 passwords. A hacker could easily fire off thousands of password guesses in a matter of minutes, meaning these users might as well not have a password in the first place.

The problem branches out much further, however. RockYou, as mentioned, had insufficient privacy restrictions and security. Email addresses and some other information came bundled with each password that the hacker posted. How many times do you use the same password? It's not a complete shot in the dark to assume that the user has the same password for their email, their online bank accounts, their paypal account, and so forth.

Source: Space Balls, MGM

Best Practice

If it isn't obvious, having a secure password matters. Use a combination of letters and numbers, and if the site gives you the option to enter 6-18 characters, don't be compelled to stop on the sixth. Don't use common words, names, or sequential numbers, and always combine numbers with letters (and symbols if possible). Some sites won't allow you to pick common passwords, and others may take action to block an account if too many incorrect guesses are made, but the real line of defense is having a strong password for each account. At least have two or three so your email, bank accounts, and social networking sites are all using separate passwords, although it's best to have a different password for each account, just in case.

Next time, I'll show you a few ways to keep track of your passwords securely.