Leaving Hackers an Electronic Key

January 21, 2010 (PLANSPONSOR.com) – Sequential numbers may be easy to remember, but a new study about the security of computer passwords suggests you may as well leave an electronic key under the doormat with a promise to feed hackers cookies and milk once they break into your system.

There’s plenty of cause for concern, since the most common password, according to Imperva, a Redwood Shores, California, computer security firm, is “123456.” That is followed by the more compact “12345,” and for those looking for something more comprehensive, there is “123456789.”

An Imperva news release about its study of 32 million passwords posted by hackers to the Internet in December lists the top 10 most common. Half were strings of sequential numbers, while other common passwords included the word “password” and “iloveyou.”

By relying on a short and simple password, Imperva warns, users become susceptible to basic forms of cyber warfare known as “brute force attacks.” The company says almost half of the passwords it studied were names, slang words, dictionary words, or what it terms “trivial passwords” (consecutive digits, adjacent keyboard keys). 

The password database used in the project came from a hacker attack against RockYou, a San Mateo, California, developer of social media “widgets” that announced in December its system had been breached.   

“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second or 1,000 accounts every 17 minutes,” asserts Imperva’s CTO Amichai Shulman, in the news release. “The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine.”  

To keep hackers at bay, the company recommends passwords that are at least eight characters long and that contain four different character types – upper case letters, lower case letters, numbers, and special characters (such as ! and $).

Shulman warns: “It’s time for everyone to take password security seriously; it’s an important first step in data security.” 

The password study is available here.  

Imperva Top 10 Password List

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
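
The recommendation above, written as a check and run against the Top 10 list. This is an added example, not code from Imperva or the original article; the US QWERTY keyboard rows, the small constructed word list, and all function names are assumptions.

```python
import string

# Top 10 list as printed on this page.
TOP10 = ["123456", "12345", "123456789", "Password", "iloveyou",
         "princess", "rockyou", "1234567", "12345678", "abc123"]

# Assumption: US QWERTY rows, used to spot "adjacent keyboard keys".
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed stand-in for a real dictionary or breached-password corpus.
COMMON_WORDS = {"password", "iloveyou", "princess", "rockyou"}

# The four character types named in the recommendation.
CLASSES = {
    "upper case": str.isupper,
    "lower case": str.islower,
    "number": str.isdigit,
    "special character": lambda c: c in string.punctuation,
}


def is_trivial(pw):
    """True if pw is a single run of consecutive digits, letters or adjacent keys."""
    low = pw.lower()
    if len(low) < 3:
        return False
    sequences = KEY_ROWS + [string.ascii_lowercase]
    return any(low in seq or low in seq[::-1] for seq in sequences)


def policy_failures(pw):
    """Return the reasons pw fails the check; an empty list means it passes."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    missing = [n for n, test in CLASSES.items() if not any(test(c) for c in pw)]
    if missing:
        reasons.append("missing: " + ", ".join(missing))
    if is_trivial(pw):
        reasons.append("trivial sequence")
    # Strip digits and symbols so "Password1!" is still matched as "password".
    core = "".join(c for c in pw.lower() if c.isalpha())
    if core in COMMON_WORDS:
        reasons.append("based on a common word")
    return reasons


if __name__ == "__main__":
    for pw in TOP10 + ["Password1!"]:  # last entry is a constructed sample
        print(f"{pw!r:14} {policy_failures(pw)}")
```

The constructed sample `Password1!` meets the length and character-type rules and is rejected only by the word-list check, which is why a composition rule is best paired with a dictionary or breached-password lookup.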