If you are using "123456" as your password it is past time to stop. Same if you are using the always popular "Password" to protect your account. Those easy-to-hack passwords were the top and fourth most-popular from among 32 million hacked from RockYou.com, a new study finds.
Imperva studied the breached passwords and has published an interesting study that talks about them. While "Consumer Password Worst Practices" isn't about us supposedly savvy business users, as an occasional system administrator I've run into both 123456 and Password on many occasions.
Here are the top passwords Imperva found among those compromised in the attack (they were posted online, without identifying details, for the world to see--and analyze):
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
If any of those look too familiar, please stop reading this story and change your password now. All these passwords are easy to crack using simple brute-force automated methods. And with the list now published, they are likely to move to the top of everyone's list of those to try first when attempting to crack an account manually.
"To quantify the issue, the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts," Imperva said in its report.
Among its key findings:
If it makes you feel any better, a similar study of hacked Hotmail passwords from 20 years ago found much the same thing.
Imperva's report also provides a list of password best practices, created by NASA to help its users protect their rocket science. They include:
Following that advice, of course, means you'll create a password that will be impossible to remember, unless you try a trick credited to security guru Bruce Schneier: turn a sentence into a password.
For example, "Now I lay me down to sleep" might become nilmDOWN2s, a 10-character password that won't be found in any dictionary.
Can't remember that password? Schneier says it's OK to write it down and put it in your wallet, or better yet keep a hint in your wallet. Just don't also include a list of the sites and services that password works with. Try to use a different password on every service, but if you can't do that, at least develop a set of passwords that you use at different sites.
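The advice above boils down to two checks a site (or a cautious user) can automate: reject anything on a known-breached list, and reject short or purely sequential strings that brute-force tooling tries first. The following is an added example written for this article, not code from Imperva, NASA or PCWorld; it uses only the ten RockYou passwords listed above as its blocklist (a real deployment would load the full breached-password corpus), and the 10-character minimum and the `weakness_reasons` / `is_weak` function names are my own assumptions. The article's sentence-derived example `nilmDOWN2s` passes, while every entry in the top-10 list fails.

```python
# Added example (not from the PCWorld/Imperva article): a minimal signup-time
# password check built around the ten RockYou passwords the article lists.

# The top-10 list quoted in the article. Illustrative subset only; a real
# check would use the complete breached-password list.
ROCKYOU_TOP10 = [
    "123456", "12345", "123456789", "Password", "iloveyou",
    "princess", "rockyou", "1234567", "12345678", "abc123",
]

# Compare case-insensitively so "PASSWORD" and "password" both match.
_BLOCKLIST = {p.lower() for p in ROCKYOU_TOP10}

_DIGIT_RUN = "0123456789"
_LETTER_RUN = "abcdefghijklmnopqrstuvwxyz"


def is_sequence(pw: str) -> bool:
    """True if pw is a run of consecutive digits or letters (e.g. 1234567, abcdef).

    A run is detected as a substring of the ordered digit or letter alphabet;
    strings shorter than four characters are ignored here because the length
    check reports them anyway.
    """
    s = pw.lower()
    if len(s) < 4:
        return False
    return s in _DIGIT_RUN or s in _LETTER_RUN


def weakness_reasons(pw: str, min_length: int = 10) -> list[str]:
    """Return every reason a candidate password would be rejected.

    min_length of 10 is an assumed policy value (the article's example is
    10 characters long); it is not a figure from the Imperva report.
    """
    reasons = []
    if pw.lower() in _BLOCKLIST:
        reasons.append("appears in the RockYou top-10 list")
    if len(pw) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if is_sequence(pw):
        reasons.append("is a simple number or letter sequence")
    if pw.isdigit():
        reasons.append("contains only digits")
    return reasons


def is_weak(pw: str) -> bool:
    """True if any rejection reason applies."""
    return bool(weakness_reasons(pw))


if __name__ == "__main__":
    # Constructed candidates: the article's sentence-derived password, one
    # blocklisted entry, and one sequence not on the list.
    for candidate in ("nilmDOWN2s", "Password", "abcdefghij"):
        print(candidate, "->", weakness_reasons(candidate) or "ok")
```

Because the blocklist comparison is case-insensitive, capitalising a listed password ("PRINCESS") does not get it past the check, which matches how cracking tools treat such variants.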
Originally published on www.pcworld.com.