Top 20 Passwords You Shouldn’t Be Using

by stephen on Jan.25, 2010, under how-to, news, security

The folks at Imperva have released a report examining the 32 million passwords that were exposed in a breach of the RockYou website last year.

What they discovered (and it matches the findings of other studies conducted in the past) is that human beings are very bad at choosing hard-to-guess passwords.

Here are the top 20 passwords that RockYou users had chosen:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
11. Nicole
12. Daniel
13. babygirl
14. monkey
15. Jessica
16. Lovely
17. michael
18. Ashley
19. 654321
20. Qwerty

Let me say this loud and clear: choosing an easy-to-guess password is reckless. Thinking that no-one else will have thought of a password like “123456” is insane. Choosing a dictionary word like “Password” to protect your account is about as good an idea as using blancmange to build a brick wall.

It’s important not to choose common passwords like “iloveyou” or “Qwerty” as hackers can easily check these first. For instance, the infamous Conficker worm uses a built-in list of 200 common passwords to try and gain access to computers.

And, man oh man, how bonkers is it to use a password like “rockyou” – the name of the website you are logging into!?? What’s the betting that those users also use “ebay” as their eBay password, “hotmail” as their Hotmail password and “bank” as their banking password?

So, make 2010 the year when you finally choose sensible passwords. That means passwords that aren’t dictionary words, aren’t predictable sequences of numbers or rows of keys on your keyboard. And ensure that you aren’t using the same password on every website you use (our research shows that 33% of people do precisely that – meaning that if you get hacked in one place, every website account you own is potentially open to the hackers).

From: http://www.sophos.com/blogs/gc/g/2010/01/22/top-20-website-passwords/
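
The advice above can be enforced when a password is set. The following is an added example, not code from the original post or from Sophos: it rejects the top 20 passwords listed on this page, runs of digits, keyboard rows and passwords containing the site's own name. The function names and the US QWERTY rows are assumptions, and a full dictionary-word check is not included, so an empty result only means none of these rules matched.

```python
# Added example: flag passwords of the kinds the article warns about.
COMMON = {  # the top-20 RockYou list from this page, lowercased
    "123456", "12345", "123456789", "password", "iloveyou", "princess",
    "rockyou", "1234567", "12345678", "abc123", "nicole", "daniel",
    "babygirl", "monkey", "jessica", "lovely", "michael", "ashley",
    "654321", "qwerty",
}
# US QWERTY layout (assumption; extend for other layouts)
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_digit_run(pw):
    """True for ascending or descending digit runs such as 123456 or 654321."""
    if len(pw) < 2 or not (pw.isascii() and pw.isdigit()):
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def is_keyboard_row(pw, min_len=4):
    """True if pw is a slice of one keyboard row, typed in either direction."""
    if len(pw) < min_len:
        return False
    return any(pw in row or pw in row[::-1] for row in KEY_ROWS)


def weak_reasons(password, service_name=""):
    """Return the matched weakness rules; an empty list means none matched."""
    pw = password.strip().lower()  # "Qwerty" and "qwerty" are the same guess
    reasons = []
    if pw in COMMON:
        reasons.append("common")
    if is_digit_run(pw):
        reasons.append("digit-sequence")
    if is_keyboard_row(pw):
        reasons.append("keyboard-row")
    site = service_name.strip().lower()
    if site and site in pw:  # e.g. "rockyou" as the RockYou password
        reasons.append("service-name")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ("Qwerty", "654321", "RockYou1", "v7#Lq!mZ02rT"):
        print(candidate, weak_reasons(candidate, service_name="rockyou"))
```
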

