In the latest news that shouldn’t come as much of a shock, the most popular digital password of 2014 is, according to one source, “123456.” Yes. You read that correctly.
Security application development firm SplashData, according to a news brief from the Telegraph, recently released its annual report listing the worst passwords of the year. In this case, the worst passwords are also the most used: SplashData compiled the list from data published by hackers this year, producing a ranking of the most popular passwords of the last 12 months. “123456,” of course, claimed the top spot, while “password,” “12345,” “12345678,” and “qwerty” rounded out the top five.
The list certainly has some bias, because the password lists that hackers reveal do not represent every password that people use online. However, it should give pause when one considers just how security-minded people are when they create credentials for their online accounts.
Just a link away, in a story the Telegraph printed earlier this year, its writer, Sophie Curtis, showed just how easy it is for hackers to get into personal accounts. Even though she was prepared to meet hackers head-on — she signed an agreement to allow an “ethical hacker” named John Yeo to try to hack her computer — Yeo still found a way into her computer after only a few months. Yeo was able to grab a photo of Curtis through her laptop’s webcam and even took a screenshot of her Gmail account.
Any non-ethical hacker could do even more damage than that. With simple passwords such as the ones listed above, it could be even easier for hackers to find ways into any individual’s account. Curtis showed that there are ways into people’s lives without grabbing their passwords outright, but there is no excuse for anyone who makes it a cakewalk with security that’s no better than an unlocked door. “123456” and its compatriots are child’s play. What took months for Curtis’s hacker could take seconds for anyone with a rainbow table or lookup table up against the simplicity of those strings of numbers and letters.
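To make the lookup-table point concrete, the following added example (not from SplashData or the Telegraph) audits a password store for the five passwords named above and shows what a per-user salt with a slow key-derivation function changes on the storage side. The account names, the sample store, the iteration count and the assumption that the weak store uses unsalted SHA-256 are all constructed for illustration.

```python
import hashlib
import hmac
import os

# The five passwords the article names as the most used of 2014.
WORST_PASSWORDS = ["123456", "password", "12345", "12345678", "qwerty"]


def unsalted_digest(password):
    """Fast, unsalted hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Built once, then valid against every account stored as unsalted SHA-256.
LOOKUP_TABLE = {unsalted_digest(p): p for p in WORST_PASSWORDS}


def audit_unsalted(stored):
    """Return {user: password} for stored digests found in the lookup table."""
    return {user: LOOKUP_TABLE[d] for user, d in stored.items() if d in LOOKUP_TABLE}


def salted_record(password, rounds=200_000):
    """Hash with a fresh random salt and a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return salt, digest.hex(), rounds


def verify(password, salt, digest_hex, rounds):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Constructed sample data: three hypothetical accounts, not real users.
SAMPLE_STORE = {
    "alice": unsalted_digest("123456"),
    "bob": unsalted_digest("qwerty"),
    "carol": unsalted_digest("T7#vq9Lm!xR2pZ-constructed"),
}

if __name__ == "__main__":
    print("flagged by table lookup:", audit_unsalted(SAMPLE_STORE))
    salt, digest, rounds = salted_record("123456")
    print("salted digest in table:", digest in LOOKUP_TABLE)
    print("still verifies for its owner:", verify("123456", salt, digest, rounds))
```

Salting only removes the precomputed shortcut; a password from the list above is still among the first guesses anyone would try against a single account, which is why the choice of password matters as much as how it is stored.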
The lesson here is that people need to begin to use password generators, like those built into password management programs such as Password Safe or KeePass. The “passphrase FAQ” at Ius mentis is also good reading for creating a universal password that will be secure enough to manage the secondary passwords secured in those management programs. Neither those programs nor the FAQ will advocate “123456.” That’s for sure.
Image courtesy of Scott Schiller via Wikimedia Commons