Wednesday, November 07, 2012

Top 10 Worst Passwords of 2012

The following is a guest post from Devon Littleton. Devon is an outdoors enthusiast and Internet researcher and writer. He recently trekked across lava in Hawaii and is a copy editor for Grand Woodworking.

If you use the Internet, then you probably have multiple user names and passwords for the various services that you use. There are email accounts, social media sites, your FTP login for a hosting account, perhaps a bank or credit card account, access to work accounts and all the great tools and apps that have become indispensable. Each new account or service brings the threat of a security breach. So you would figure that people have grown accustomed to creating secure passwords. Apparently they haven't.

According to a newly released study conducted by password security firm SplashData, Internet users persist in using "password" as their, well, password. The study compiled data on published password lists from known hacker sites. These passwords are likely to be easily exploited in any hacking attempt due to their popularity and simplicity. Here are the top 10 worst passwords of 2012:

1. password
2. 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball

Passwords By the Numbers
If you are looking to create a truly secure password, you'll need two components: length and complexity. A longer password has more possible combinations that a computer must try in order to break it. Additionally, if the set of characters is expanded in complexity, it becomes almost impossible for even a very sophisticated supercomputer to hack the password. However, length trumps complexity every time. Here is an example:

Using practically every character on the keyboard = 123456789AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz <>!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ (upper case, lower case, numbers and non-alphabet characters) and creating a password that is 8 characters in length (often the minimum required by websites for security) will yield 7.2 quadrillion possible combinations. That is 7.2 followed by 15 zeros. Sounds secure, doesn't it? However, a supercomputer which could run through combinations at the rate of 1,000,000,000 passwords each second would take just over 83 days to hack that password. Not exactly fast, but doable.

Compare that to a password that is 20 characters in length and generated using just the lower case alphabet = abcdefghijklmnopqrstuvwxyz. Such a password would have 19.9 octillion possible combinations. That is 19.9 followed by 27 zeros. Here it is written out: 19,900,000,000,000,000,000,000,000,000. This longer but somewhat simpler (in terms of the characters) password would take a supercomputer 631 billion years to crack. Not likely.

In case you never saw this video clip, check out Data from Star Trek: The Next Generation imitating Captain Picard and creating a secure password for the Starship Enterprise.

How to Create a Secure Password
Generally speaking, the longer and more complex a password is, the more secure it is. Here are a few guidelines from Internet security expert Daniel Foster, Technical Director with website hosting:

Never ever use a 'default' password as your own password. Certain programs or websites will automatically populate a password field which you are then expected to type over with a new password. Never use the default - create an original and secure password from scratch.

Dictionary passwords are easy to crack - don't use them. Any word that can be found in a dictionary can also easily be added to the database of a hacker.

The most secure passwords are a minimum of eight characters long and contain lower case letters, upper case letters, numbers and non-alphanumeric characters as well. Longer passwords are more secure.

Create unique passwords for each login that you have. Reusing the same password over and over creates a greater security risk.

Avoid common patterns in passwords. As can be seen in the 'worst passwords' list above, repeating a number or listing consecutive letters or numbers is a bad idea. Get creative with your passwords and avoid obvious patterns.

Need help creating a secure password? Use a secure password generator.

Once you have created a password which you think is secure, you can test your assumption with Microsoft's password strength checker. (MS appears to have dropped their support for the tool)
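The blocklist and pattern guidelines above, together with the search-time arithmetic from "Passwords By the Numbers", can be checked in a few lines of Python. This is an added example, not code from the post, SplashData or Mr. Foster; the function names, the run threshold of four characters and the per-class alphabet sizes (95 printable ASCII characters in total) are assumptions made here.

```python
import string

# The ten passwords listed in this post, used as a blocklist.
WORST_2012 = {"password", "123456", "12345678", "abc123", "qwerty",
              "monkey", "letmein", "dragon", "111111", "baseball"}
GUESSES_PER_SECOND = 1_000_000_000      # rate assumed in the post
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def charset_size(pw):
    """Alphabet an exhaustive search must cover, from the classes pw uses."""
    classes = ((string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33))
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_years(alphabet_size, length, rate=GUESSES_PER_SECOND):
    """Years to try every combination at `rate` guesses per second."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR

def longest_run(pw):
    """Longest stretch of repeated or consecutive characters (111, abc, 321)."""
    best = run = 1
    prev_step = None
    for a, b in zip(pw, pw[1:]):
        step = ord(b) - ord(a)
        if step not in (-1, 0, 1):
            run = 1                     # unrelated neighbour: run broken
        elif step == prev_step:
            run += 1                    # same direction as the previous pair
        else:
            run = 2                     # a new run starts with this pair
        prev_step = step
        best = max(best, run)
    return best

def check_password(pw, min_length=8):
    """Return the guideline violations found; an empty list means none."""
    problems = []
    if pw.lower() in WORST_2012:
        problems.append("on the worst-passwords list")
    if len(pw) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if longest_run(pw) >= 4:            # threshold is an assumption
        problems.append("repeated or consecutive characters")
    return problems

if __name__ == "__main__":
    for pw in ("password", "111111", "abcdefgh", "plum-ferry-ochre-tin"):  # constructed samples
        years = brute_force_years(charset_size(pw), len(pw))
        print("%-22s %-60s %.3g years" % (pw, check_password(pw) or "ok", years))
```

The years figure is the time to try every combination, so it is an upper bound: "password" needs under four minutes of exhaustive search at this rate, and as an entry on a published list it is among the first guesses tried anyway.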

Mr. Foster also suggests changing your passwords from time to time. Remember not to get complacent - earlier this year hundreds of thousands of passwords were hacked from sites including Yahoo!, LinkedIn and eHarmony. Those same password lists were uploaded to a Russian hacker server and presumably remain on hacker lists throughout the Internet. This means that re-use of any of those passwords represents a potential security risk.

Good luck creating a secure password and maintaining all of your Internet services free from compromise.
