(Source: Article published by Imperva: by Joe McKendrick, Smart Planet; 21.1.2010)
With everything we do these days being ‘password controlled’, we were keen to share this article we found on the net recently, which published the 20 most common computer passwords of all time. Following is the list of passwords, as well as their advice on how to create stronger passwords.
The most common passwords are as follows. Is yours among them?
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
11. Nicole
12. Daniel
13. babygirl
14. monkey
15. Jessica
16. Lovely
17. michael
18. Ashley
19. 654321
20. Qwerty
According to the article it is:
1. Notable how many people apparently use their first names as passwords
2. Notable that (as in the case of no. 7) the name of the site is frequently used
3. Clear we have made precious little progress over the past two decades in improving passwords — long considered the Achilles heel of data security:
4. “The shortness and simplicity of passwords means many users select credentials that will make them susceptible to basic, brute force password attacks… this means that the users, if allowed to, will choose very weak passwords even for sites that hold their most private data.”
5. The greatest danger is that it wouldn’t take long for a hacker to break into a percentage of accounts using the weak passwords with a brute force attack. It’s simply a numbers game:
Recommendations by Imperva:
1. All passwords should be at least eight characters, and contain a mix of four different types of characters – upper case letters, lower case letters, numbers and special characters such as !@#$%^&*,;”
If there is only one letter or special character, it should not be either the first or last character in the password.
2. For online banking, email accounts, Website administration access, and so forth, the stronger the password, the better.
However, there are countless information sites (online journals, analyst firm sites, and so on) that require password access, and fumbling with a unique strong password every time you want to read a white paper is just plain annoying.
“Choose a strong password for sites you care for the privacy of the information you store.” If you’re concerned about being able to remember the code, here’s a little memory-jogging trick: “Take a sentence and turn it into a password. Something like ‘This little piggy went to market’ might become ‘tlpWENT2m.’”
3. Administrators should enforce a strong password policy, especially if sensitive data is on the line. Another word of advice: “Make sure passwords are not transmitted in clear text. Always use HTTPS on login.” Also, password files should be encrypted before being stored in a database.
4. Also worth consideration: passphrases instead of passwords.
“Although sentences may be longer, they may be easier to remember. With added characters, they become more difficult to break.”
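Recommendation 1 and the top-20 list above can be combined into the kind of automated check that recommendation 3 asks administrators to enforce. The Python below is an added example, not code from Imperva or the original article; the function names, the reading of the first/last-character rule, and the choice to count any non-alphanumeric character as "special" are assumptions.

```python
# The 20 most common passwords listed in this article, lowercased for comparison.
COMMON = {
    "123456", "12345", "123456789", "password", "iloveyou", "princess",
    "rockyou", "1234567", "12345678", "abc123", "nicole", "daniel",
    "babygirl", "monkey", "jessica", "lovely", "michael", "ashley",
    "654321", "qwerty",
}


def char_class(ch):
    """Map one character to one of the four types named in recommendation 1."""
    if ch.isdigit():
        return "digit"
    if ch.isalpha():
        return "upper" if ch.isupper() else "lower"
    return "special"  # assumption: anything non-alphanumeric counts as special


def check_password(pw):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    # Record where each character type occurs so the edge rule can be checked.
    positions = {"upper": [], "lower": [], "digit": [], "special": []}
    for i, ch in enumerate(pw):
        positions[char_class(ch)].append(i)
    for name, idx in positions.items():
        if not idx:
            problems.append(f"no {name} character")
    # Assumed reading of the rule: a lone letter or lone special character
    # must not sit at the first or last position.
    edges = {0, len(pw) - 1}
    letters = positions["upper"] + positions["lower"]
    for name, idx in (("letter", letters), ("special character", positions["special"])):
        if len(idx) == 1 and idx[0] in edges:
            problems.append(f"only {name} is first or last")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "tlpWENT2m" is the mnemonic example from the article.
    for candidate in ("123456", "Qwerty", "tlpWENT2m", "Passw0rd1234!", "Pa5s!w0rd#Xy"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Under this reading, the mnemonic example ‘tlpWENT2m’ is reported as lacking a special character, so a sentence-derived password still needs one added to meet the four-type rule.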