Subscribe to CIO | Sign up to newsletters | Contact us

Another breach reveals weak passwords: Will we ever learn?

By John P. Mello Jr. | Monday, June 11 2012
It has been 18 months since more than 188,000 passwords for subscribers to Gawker were snatched by hackers and posted to the web, but consumers don't seem any more inclined to protect their passwords now than they were then. 

An analysis of the most common passwords found among the millions posted to the Net after digital desperadoes clipped them from LinkedIn reveals similarities between them and the favorites of Gawker users. 

For example, consecutive numbers are popular with both groups. Two of the top ten passwords for LinkedIn members were 1234 and 12345, while three passwords in the Gawker top ten were 12345, 123456 and 12345678.

Gawker's top ten also had a non-consecutive number, 111111, and an alpha numeric consecutive, abc123. Other top ten passwords for the site were less obvious, but not very strong either: lifehacker, monkey, and consumer.

LinkedIn members tended to stay away from old standbys of lazy password pickers like password and qwerty - both in the Gawker top ten - and focused on business (job and work were in their top ten), sex (sex and ilove) or religion (god and angel).

It's obvious that really short passwords were acceptable to LinkedIn, as evidenced in "the" making its members' top ten list. Using the name of a site for a password is also a common practice among hasty password pickers. But we all know how busy business people can be and apparently many LinkedIn members didn't have time to complete the name of the site in the password field and just used "link" instead.

If you're concerned about whether or not your password was compromised in the LinkedIn breach and haven't been informed yet by the network about it, you can check out your password at LastPass orLeakedIn

If you're looking for tips on creating a strong password, there are plenty of folks on the Net that can advise you on that subject, including Microsoft and Google. See tips at "Create a Different, Secure, Easy-to-Remember Password for Every Site."

If you're wondering how strong the passwords you're using are, you can test them at How Secure Is My Password? For example, a password like 123456 would be cracked almost instantly. 

By the way, if all this information about strong passwords makes your head hurt, How Secure has acompanion sitethat will create for you strong passwords like 4shkenaz!Sp!tt!ng, which would take a desktop PC 14 quadrillion years to crack. 

Featured Stories

Rob Fyfe receives CIO Lifetime Contribution Award
Cited for 'his approach to innovation and his courage and leadership in supporting technology based initiatives' as CIO and CEO at Air New Zealand.

Chief flexibility officer: The next CIO role?
The world is changing so quickly, and every company's business model has to change as well, says V.C. Gopalratnam, vice president, IT at Cisco. 'You really have to build an organisation that is as flexible as hell.'

Featured Solution Centre

MOST POPULAR

CONNECT WITH @ CIO NZ

SUBSCRIBE

CIO Magazine

CIO is bringing together the best of MIS NZ and CIO, the new look CIO is the only magazine that focuses on the unique management needs of senior IT professionals.

Subscribe now »

NEWSLETTERS

CIO Newsletter

Get the latest news from CIO delivered via email.

SIGNUP NOW »

MIS 100 REPORT

MIS 100MIS100 2012
The definitive guide to New Zealand's largest and most significant ICT users.

READ NOW »