January 21, 2010
Does your password make the top 10 list of most "hack-able?"
If your password is on the list below, a recent study suggests that you're providing an open invitation to be hacked:
The consulting firm Imperva has compiled this list based on its analysis of 32 million passwords recently exposed during the hacking of a company called RockYou.com that makes software for social networking sites. Among the findings:
- The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic forms of cyber attacks known as "brute force attacks."
- Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is "123456".
- Recommendations for users and administrators for choosing strong passwords
A company spokesman interviewed by the New York Times in connection with this story said:
about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.
That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.
“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”
You can read the rest here, courtesy of the NYT.
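The weak-password categories in the findings above (common passwords, consecutive digits, adjacent keyboard keys, short length) can be screened for when a user sets a password, and the "small pool" effect can be measured on a password set. This is an added example, not code from Imperva or the original post; the blocklist entries, the 8-character minimum, the sample data and all function names are assumptions.

```python
from collections import Counter

# Constructed sample blocklist; a real deployment would load a far larger list.
COMMON = {"123456", "password", "qwerty", "abc123", "iloveyou"}
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 8  # assumed policy value, not taken from the study


def is_sequence(pw):
    """True for runs such as 123456 or 987654 (every step is +1 or -1)."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def is_keyboard_walk(pw):
    """True when the password is a slice of one keyboard row, in either direction."""
    s = pw.lower()
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in ROWS)


def weakness(pw, blocklist=COMMON):
    """Return the reason a password should be rejected, or None if no rule fires."""
    if pw.lower() in blocklist:
        return "blocklisted"
    if is_sequence(pw):
        return "consecutive characters"
    if is_keyboard_walk(pw):
        return "adjacent keys"
    if len(pw) < MIN_LENGTH:
        return "too short"
    return None


def coverage(passwords, top_n):
    """Fraction of accounts whose password is among the top_n most common values."""
    counts = Counter(passwords)
    covered = sum(n for _, n in counts.most_common(top_n))
    return covered / len(passwords)


if __name__ == "__main__":
    # Constructed sample of ten accounts, not data from the breach.
    sample = ["123456"] * 3 + ["password"] * 2 + ["x1", "x2", "x3", "x4", "x5"]
    for candidate in ("123456", "987654", "asdfgh", "Tq9!", "T7#vq!Lm2x"):
        print(candidate, "->", weakness(candidate))
    print("top-2 coverage:", coverage(sample, 2))
```

A high `coverage` value for a small `top_n` is the condition the study describes: a short guess list reaches a large share of accounts, which is why set-time screening is paired with rate limiting on login attempts.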