Sunday, 22 January 2012

News: 25 Worst Passwords of 2011

Courtesy of David Coursey at Forbes, not one but two lists of unforgivably lax passwords. If yours is on either of these lists, go change it immediately. It's probably the same password for most of your accounts on multiple sites, so stop being lazy and implement separate passwords for each.

Use a decent set of guidelines for password creation, like the ones we posted previously.

Even if your password is not on these lists, you're not off the hook.

Remember that plain words, phrases and alphanumeric strings are no longer sufficient to resist a dictionary attack or a 'brute-force' attack (trying every character combination). Here are the two lists, the first compiled by SplashData:
  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx (look down your keyboard)
  24. michael
  25. football
This isn't much better than the list compiled in 2010, when Imperva looked at 32 million stolen passwords:
  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
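
For anyone running a site, the two lists above can be used as a check when a user sets a password. The Python sketch below is an added example, not part of the original post or either report; the character-swap table, the stripping of trailing digits and symbols, and the function names are assumptions chosen for illustration.

```python
import re

# Both lists from the post, lower-cased.
SPLASHDATA_2011 = """password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd
shadow 123123 654321 superman qazwsx michael football""".split()
IMPERVA_2010 = """123456 12345 123456789 password iloveyou princess rockyou
1234567 12345678 abc123""".split()
BLOCKLIST = set(SPLASHDATA_2011) | set(IMPERVA_2010)

# Common character swaps undone before lookup (assumed mapping, not from the post).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def is_trivial_pattern(s):
    """True for one repeated character, a +1/-1 run, or a doubled block."""
    if len(s) < 2 or len(set(s)) == 1:
        return True                      # "", "a", "111111"
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    if steps in ({1}, {-1}):
        return True                      # "12345", "abcdef", "654321"
    half = len(s) // 2
    return len(s) % 2 == 0 and s[:half] == s[half:]   # "123123"


def check_password(pw):
    """Return a rejection reason, or None if no rule here matches."""
    low = pw.lower()
    stripped = re.sub(r"[^a-z]+$", "", low)   # drop trailing digits/symbols
    for cand in (low, stripped, low.translate(LEET), stripped.translate(LEET)):
        if cand in BLOCKLIST:
            return f"matches listed password '{cand}'"
    if is_trivial_pattern(low):
        return "repeated or sequential characters"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real breach data.
    for sample in ["P@ssw0rd", "Dr4gon2012", "Monkey1!", "987654", "v7#Lq2!xTz9@"]:
        print(f"{sample!r}: {check_password(sample) or 'no rule matched'}")
```

A `None` result only means none of these rules fired; it is not a measure of strength.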
If you're already following best practice, you may now laugh, before sharing this with family and friends. Look after each other out there. RC