Top 20 website passwords you shouldn't be using

Filed Under: Data loss, Video

Keys
The folks at Imperva have released a report examining the 32 million passwords that were exposed in a breach of the RockYou website last year.

What they discovered (and it matches the findings of other studies conducted in the past) is that human beings are very bad at choosing hard-to-guess passwords.

Here are the top 20 passwords that RockYou users had chosen:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123
  11. Nicole
  12. Daniel
  13. babygirl
  14. monkey
  15. Jessica
  16. Lovely
  17. michael
  18. Ashley
  19. 654321
  20. Qwerty

Let me say this loud and clear: choosing an easy-to-guess password is reckless. Thinking that no-one else will have thought of a password like "123456" is insane. Choosing a dictionary word like "Password" to protect your account is about as good an idea as using blancmange to build a brick wall.

It's important not to choose common passwords like "iloveyou" or "Qwerty" as hackers can easily check these first. For instance, the infamous Conficker worm uses a built-in list of 200 common passwords to try and gain access to computers.

And, man oh man, how bonkers is it to use a password like "rockyou" - the name of the website you are logging into!?? What's the betting that those users also use "ebay" as their eBay password, "hotmail" as their Hotmail password and "bank" as their banking password?

So, make 2010 the year when you finally choose sensible passwords. That means passwords that aren't dictionary words, aren't predictable sequences of numbers or rows of keys on your keyboard. And ensure that you aren't using the same password on every website you use (our research shows that 33% of people do precisely that - meaning that if you get hacked in one place, every website account you own is potentially open to the hackers).

It's easy to understand why computer users pick dictionary words as they're much easier to remember, but as I explain in this video there are ways to make a complicated password really simple to remember:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

* Image source: canonsnapper's Flickr photostream (Creative Commons)

, ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.