Security 101: users still using extremely weak passwords

Enterprises can employ every security technology, standard and protocol  they can find to secure their back-end systems from intrusions. However, the greatest vulnerabilities are still found in the front end, where the end-users sit.

A compilation of the most commonly used — and potentially most insecure — passwords seen over the past year was recently drawn up by Splashdata and reported in Mashable. Splashdata found that incredibly enough, the leading password in use today is the word “password.” Interestingly, number 4 on the list, the keyboard lineup of “qwerty,” is counterbalanced by item number 23, “qazwsx,” which is the first three rows of keys typed vertically.

The list closely parallels that developed close to two years ago by Imperva, showing that these terms never go out of vogue.

Here is this year’s top 10:

1. password 2. 123456 3.12345678 4. qwerty 5. abc123 6. monkey 7. 1234567 8. letmein 9. trustno1 10. dragon

SmartPlanet colleague Tuan C. Nguyen provides a surprisingly simple technique for deriving a strong password that makes it difficult for hacking programs to arrive at the right brute force combination — employing a symbol in combination with an upper-case and lower-case letter.

Not everyone thinks that strong passwords are the answer, however. In another study on passwords, a Microsoft researcher conducted a cost/benefit analysis of  efforts to encourage stronger passwords, and questions whether the costs of strong password management outweighs the benefits.

(Cross-posted at SmartPlanet Business Brains.)