Security 101: users still using extremely weak passwords

Summary: Number one password in use in 2011? 'Password'!

Enterprises can employ every security technology, standard and protocol they can find to secure their back-end systems from intrusions. However, the greatest vulnerabilities are still found in the front end, where the end-users sit.

A compilation of the most commonly used — and potentially most insecure — passwords seen over the past year was recently drawn up by Splashdata and reported in Mashable. Splashdata found that incredibly enough, the leading password in use today is the word “password.” Interestingly, number 4 on the list, the keyboard lineup of “qwerty,” is counterbalanced by item number 23, “qazwsx,” which is the first three rows of keys typed vertically.

The list closely parallels that developed close to two years ago by Imperva, showing that these terms never go out of vogue.

Here is this year’s top 10:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
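The following added example (not part of the original article) shows how a sign-up or password-change form could reject both the listed passwords and keyboard patterns such as "qwerty" and "qazwsx". The top-10 set is copied from the list above; the US QWERTY layout, the three-character minimum run and all function names are assumptions made for illustration.

```python
# Added example: reject passwords on the article's top-10 list or built
# entirely from keyboard rows/columns. Names and layout are assumptions.

TOP10 = {"password", "123456", "12345678", "qwerty", "abc123",
         "monkey", "1234567", "letmein", "trustno1", "dragon"}

# Assumed US QWERTY layout; columns are derived from the rows ("1qaz", "2wsx", ...).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]


def _lines():
    """All rows and columns, in both typing directions."""
    lines = ROWS + COLUMNS
    return lines + [line[::-1] for line in lines]


def is_keyboard_walk(pw, min_run=3):
    """True if pw splits completely into runs of at least min_run keys,
    each run lying along a single keyboard row or column."""
    pw = pw.lower()
    lines = _lines()
    covered = [True] + [False] * len(pw)  # covered[i]: pw[:i] is all runs
    for i in range(len(pw)):
        if not covered[i]:
            continue
        for j in range(i + min_run, len(pw) + 1):
            if any(pw[i:j] in line for line in lines):
                covered[j] = True
    return len(pw) >= min_run and covered[len(pw)]


def check_password(pw):
    """Return the reasons a candidate password should be rejected."""
    reasons = []
    if pw.lower() in TOP10:
        reasons.append("on the published top-10 list")
    if is_keyboard_walk(pw):
        reasons.append("keyboard walk")
    return reasons


if __name__ == "__main__":
    for candidate in ["Password", "qwerty", "qazwsx", "monkey"]:
        print(candidate, check_password(candidate))
```

An empty result only means the candidate matched neither rule here; a production deny list would be far larger than ten entries.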

SmartPlanet colleague Tuan C. Nguyen provides a surprisingly simple technique for deriving a strong password, one that makes it difficult for hacking programs to brute-force the right combination: employing a symbol in combination with an upper-case and lower-case letter.

Not everyone thinks that strong passwords are the answer, however. In another study on passwords, a Microsoft researcher conducted a cost/benefit analysis of efforts to encourage stronger passwords, and questioned whether the costs of strong password management outweigh the benefits.

(Cross-posted at SmartPlanet Business Brains.)

Talkback

39 comments
  • I like easy passwords because they are easy to remember

    My ZDNet password is 'password' so that I don't forget it.
    toddybottom
    • RE: Security 101: users still using extremely weak passwords

      @toddybottom ,,, Agreed, in some cases. Where it makes no difference to me security or theft-wise in any way, I use a simple password consisting of one of my military ID numbers and nothing else. If there is any personal information of any kind involved or I am not sure, then I use a strong password consisting of punctuation, letters, numbers (never at the end), ALT-NUM combos and something else I'll keep to myself that most people don't know works and doesn't work on all web sites. AND, they are memorable because I work with combinations of the same data but different lengths and placements, just in case I'm away and can't recall the PW.
      Not being Fort Knox, I also keep my passwords and what they're for in a Windows encrypted file on a computer NOT connected to the 'net in any way but backed up on the same schedule, meaning everything is available on the same backup drive as long as I've also backed up the key certs to the same place, none of which have names that relate to passwords or computers in any way. Pretty simple once it's implemented and automated.
      tom@...
  • RE: Security 101: users still using extremely weak passwords

    Any password that appears on a list of passwords is going to be insecure; if number one were 'JEdgarHoover' or 'Px!95$$QQ' then they'd be equally insecure as 'Password', since likely everyone would know to check it; unless passwords were chosen perfectly randomly, which they aren't. What would be more interesting would be to see if the percentage of overall passwords that were ones on this list was increasing or decreasing over time. Are fewer people using 'Password'? More? It's hardly news that *some* people are still using extremely weak passwords.
    xxyl
    • RE: Security 101: users still using extremely weak passwords

      @xxyl ,,, As long as routers, gateways, etc ship with those for default passwords, and even some programs, they'll never go away.
      Newbies are as newbies do.
      tom@...
  • RE: Security 101: users still using extremely weak passwords

    Hehe, "monkey".
    statuskwo5
  • RE: Security 101: users still using extremely weak passwords

    What good does it do to "force" strong passwords when a sizable number of
    users will just jot their username and password down on a sticky-note, attached
    to the monitor?
    wizard57m-cnet
    • RE: Security 101: users still using extremely weak passwords

      @wizard57m@... That's easy - when I see one of my users do that, I change their password to a 26 character alphanumeric with special keys. Most users only write it down once... Nice bit is the CEO backs me up, because his written, weak password was used to break into our financial system several years back by a disgruntled employee.

      BTW, the list left out money, sex and god.
      smashandgrab
      • ...slightly more complicated

        @smashandgrab

        Ok, after you change it, what then? That strong password you changed it to is only as effective for as long as until they change it to something like mentioned above, or until they write their next password on the next line of their Post-It
        UrNotPayingAttention
    • RE: Security 101: users still using extremely weak passwords

      @wizard57m@... A lot if no one else ever gets a look at their computer room. The 'net is the common theft point source and always will be, not mom, dad or son/daughter, etc...
      tom@...
  • RE: Security 101: users still using extremely weak passwords

    tbh my visa and bank card both use "1234" as pin ... online my password is usually "azerty"... I mean, I always forget passwords otherwise so I prefer to keep it simple !
    DJK2
    • RE: Security 101: users still using extremely weak passwords

      @DJK2
      That's OK in a lot of places; pretty stupid though if you keep any personal/banking etc. info on your machine and the like.
      tom@...
  • RE: Security 101: users still using extremely weak passwords

    Don't forget kid's names, pet's names, spouse's names, sport teams, and easy to figure out variations of those themes such as "Michigan1". I guarantee all the above are more popular than "password" or "monkey"!
    predmond
  • RE: Security 101: users still using extremely weak passwords

    I think they are wrong. I bet the #1 password is the enter key.
    FantaStyx
  • Can't Remember Your Password? Write The Bloody Thing Down!

    It's OK to write down your password. You know how to keep your cash, credit cards and house keys safe so they don't get lost or stolen, right? So keep your written-down passwords in the same place. Problem solved!
    ldo17
    • RE: Security 101: users still using extremely weak passwords

      @ldo17

      And what happens when someone breaks into your home, gets all your passwords, etc.?

      The best thing to do is besides on https websites, use a weak password.

      After all, who cares if someone 'hacks' into my g-mail account, I use it for almost NOTHING!
      Lerianis10
      • RE: Security 101: users still using extremely weak passwords

        @Lerianis10
        My G-mail account? Same password as Google Docs -- where I keep EVERYTHING! Better believe that one is as secure as my bank account.

        Need a different example of harmless accounts where weak passwords don't matter. ZDNET comes to mind.

        Actually my weak password is used for 90% of the things I do. Does simplify things.

        Looking for a strong password? How about the phone number of your first girlfriend? Or anything from your childhood that's not easily associated with you today.
        jimnice@...
      • RE: Security 101: users still using extremely weak passwords

        @Lerianis10

        Except all your contacts associated with Gmail will start getting spam from you. They may be less happy.
        jorjitop
    • Great idea!

      @ldo17
      Why didn't I think of that?
      jonc2011
  • RE: Security 101: users still using extremely weak passwords

    Another undesirable location for an important password is a wallet or purse. Got an overstuffed file cabinet nearby? Maybe file it in the manila folder that is labeled "House Plumbing" or "Paid Bills". Have lots of books nearby? Bury it in "An Amateurs guide to EZ auto repair." There are lots of places if you just look around.
    nikacat
    • RE: Security 101: users still using extremely weak passwords

      @nikacat, I once worked at a place where lots of people had some sort of "XYZ a day" calendar. They would take the ones they liked and pin them to their cubicle wall. I would tell them to take the quote for the particular day and use that to generate their password. Then they could post the quote in public -- with all the other quotes -- and no one would be the wiser.

      "For the LORD is good and his love endures forever;" Psalm 100:5 becomes "FtLig&Hlef1005" or even "Ps1005NIV"
      Muzhik1