Imagine how insecure having a password of '123456'. Well, at least its better than 'password!'
By publicly releasing copious numbers of unprotected authentication credentials, we are able to assess the frequency with which users select poor or easily guessed passwords.
The latest list derived from such sources by security software company Splashdata paints a very similar picture to any number of previous studies of exposed passwords; that for online sites that demand a password, users choose very simple ones.
Now, it's clear that too many sites demand users create an access account for totally pointless reasons, and this author is just as guilty as many others for using 'password' or something similar as a password for the site that INSISTS I create an account just to post a message on their forum. Sites that I will probably never return to and who also have a bogus email address for me (I prefer to give them me@example.com should they insist).
And that is the reason why it is unreasonable to draw too much out of this study. If everyone were using such passwords on more personally-important sites (such as email, banking etc) we would be seeing a much higher level of identity theft than we are. I'm not saying that users should weaken their password practices; far from it, but I would caution people from reading too much into studies such as these.
source: http://www.foxnews.com/scitech/2011/11/20/25-worst-internet-passwords/
If “password” is your password, chances are you’ve been the victim of a hack attack.
“Password” is the least successful, according to SplashData’s annual list of worst Internet passwords.
The list, notes Mashable.com, is somewhat predictable. Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.
As some websites have begun to require passwords to include both numbers and letters, it makes sense varied choices, such as “abc123″ and “trustno1,” have become popular choices.
SplashData created the rankings based on millions of stolen passwords posted online by hackers.
"Hackers can easily break into many accounts just by repeatedly trying common passwords," said Morgan Slain, chief executive of SplashData. "Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft."
SplashData released the list after Facebook announced last week that hackers attempt to access 600,000 Facebook accounts each day. The social network has about 800 million members."
A glance at the top 25 reveals few surprises with popular entertainment, sports and personal highlights figuring prominently amongst the numeric and keyboard-pattern samples.
The full list from Spashdata is as follows:
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
