Are you any good at creating passwords?

Jan 30, 2010 By Tim Barker

There's an interesting little study that's been done by security firm Imperva, which analyzed some 32 million passwords posted online in December by some enterprising hacker.

Imperva's analysis (www.imperva.com/docs/WP_Consum… _Worst_Practices.pdf) shows pretty much what you'd expect -- people, in general, don't take passwords all that seriously.

There's no other way to explain how 30 percent of users chose passwords with six or fewer characters -- making them quite vulnerable to brute force attacks. Or why nearly half of the users chose slang words, proper names and words found in the dictionary.

Such things are frowned upon by security experts, who say they make you an easy target.

So, just for fun, let's look at the top 10 passwords found among those 32 million samples:

1. 123456

2. 12345

3. 123456789

4. Password

5. iloveyou

6. princess

7. rockyou (the name of the site the passwords were stolen from)

8. 1234567

9. 12345678

10. abc1233

If any of these look familiar, maybe it's time to put just a little more thought into your password selection -- particularly if the password in question is guarding credit card data or anything else you don't want a total stranger to know.
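A signup-time check built from the two weaknesses the study reports (six or fewer characters, and common or dictionary words) is sketched here as an added example; it is not code from the article or from Imperva's report. `SAMPLE_WORDS`, the function names and the 33-symbol punctuation count are assumptions made for illustration.

```python
import math
import string

# The ten most common passwords as listed in the article above.
TOP_10 = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc1233"}

# Constructed stand-in for a real word list (names, slang, dictionary words).
SAMPLE_WORDS = {"princess", "monkey", "dragon", "michael", "sunshine"}

MIN_LENGTH = 7  # the study flags passwords of six or fewer characters


def search_space_bits(password: str) -> float:
    """Upper bound on brute-force work: length * log2(alphabet size in use)."""
    alphabet = 0
    if any(c in string.ascii_lowercase for c in password):
        alphabet += 26
    if any(c in string.ascii_uppercase for c in password):
        alphabet += 26
    if any(c in string.digits for c in password):
        alphabet += 10
    if any(c not in string.ascii_letters + string.digits for c in password):
        alphabet += 33  # assumed: printable ASCII punctuation plus space
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def screen_password(password: str, words=SAMPLE_WORDS) -> list:
    """Return the reasons a candidate password should be rejected at signup."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in TOP_10:
        reasons.append("on the top-10 list")
    # Strip digit/punctuation padding so "Dragon1!" still matches "dragon".
    core = lowered.strip(string.digits + string.punctuation)
    if core in words:
        reasons.append("dictionary word or name")
    if password.isdigit():
        reasons.append("digits only")
    return reasons
```

The bit count is only an upper bound: a password that appears on a common-password or word list falls to a guessing attack long before the full search space is tried, which is why the list checks run regardless of length.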


User comments : 3


Jimster
not rated yet Jan 31, 2010
I find the easiest way to create a very secure password as well as a way to easily remember it is to use a chess opening in algebraic notation. For example e4Nf6e5Nd5d4 is a good start. If you want to add another layer of security you can relabel the board columns with T-U-N-A-F-I-S-H or other suitable combination of letters. For chess players these passwords are very easy to remember and have case-sensitive characters.
nevdka
not rated yet Feb 01, 2010
I've always found neighbors' cars' license plates to be a good source of passwords. Especially since I move around a lot, and most of my neighbors have gone through cars quickly...
Grave
not rated yet Mar 09, 2010
Just use a longer sentence as a password; it's easy to remember and pretty much unhackable in a reasonable timeframe even with good rainbow tables (the longest were around 30 characters long)
