Monday, January 20, 2014

The 25 most popular passwords of 2013 prove people are just as naive as ever

By: Shawn Knight | TechSpot

You would think that with all of the newfound attention that online privacy generated over the course of 2013, people would perhaps rethink some of their mundane password choices to better lock down their online accounts. Think again. A list of the top 25 most common passwords of last year proves we're just as naive as ever.

The list from SplashData was compiled from millions of stolen passwords last year that were ultimately made public. The list was heavily influenced by the massive Adobe breach in October which explains some of the newcomers and for the first time ever, "password" was dethroned as the most common password ... by "123456."

Without further ado, we present the top 25 most common passwords of 2013.

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000

In addition to "adobe123" and "photoshop", security experts believe that "123456" and "123456789" were also top choices among Adobe users. As SplashData CEO Morgan Slain reminds us, the fact that "adobe123" and "photoshop" are on the list at all should be a good reminder that basing your password on the name of the website or application you are accessing is not exactly a bright idea.

Thursday, January 16, 2014

2 Million Passwords For Facebook, Yahoo, Google, Twitter Stolen

By Amy Lee | CruxialCIO

Use Facebook, Yahoo, Twitter, LinkedIn or Google?

It might be time to change that password. According to a post by security firm Trustwave, more than 2 million accounts have been compromised by a Pony botnet controller, a network of criminally controlled malware-infected computer systems designed to steal passwords and other sensitive information.

The trove of user information includes 1.58 million Website logins, more than 300,000 email account logins and thousands of other credentials. Facebook accounted for more than half of the information stolen, or 318,121 passwords. Yahoo followed with 59,549 passwords, Google with 54,437 passwords, Twitter with 21,708 passwords and LinkedIn with 8,490 passwords.

Also on the list? Payroll service provider ADP, with close to 8,000 passwords stolen. Despite information suggesting that close to 100 percent of attacks took place in the Netherlands, the presence of two other Russian social networks indicates that “a decent portion of the victims compromised were Russian speakers,” according to Trustwave.

The Dutch IP address, meanwhile, seems to have been used as a gateway between infected machines and the hacker’s control center. The technique is commonly used to keep the real control server hidden from authorities. Still, at least 92 countries appear on the IP geolocation list, making it likely that attacks were spread across the world.

And all across the world, people are using bad passwords. Trustwave analyzed the 2 million passwords only to find that close to 16,000 users rely on the password "123456." In second place, with close to 5,000 passwords, was the slightly more complicated "1234566789." Other popular passwords include "password," "admin" and other variations on a sequential series of numbers beginning with one, including more than 1,000 users who picked "1" as their password.

More people pick "terrible" passwords — those with fewer than four characters, consisting of only letters or only numbers — than "excellent" ones, which include all four character types (numbers, letters, capitals and symbols) and are longer than eight characters. Nearly half are "medium" while another 28 percent are "bad." Since 2006, the top 10 most common passwords have increased as a percentage of all passwords.

"If you don't enforce a password policy, don't expect your users to do it for you," the Trustwave post said.

What to Do: Set passwords to be more than eight characters and/or more than four character types. Make sure all security monitoring software is patched and up-to-date. Ensure that corporate users do not access suspicious Websites on the network by setting up whitelisting or blacklisting of Websites or other forms of browsing control.
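The two articles above describe several password-policy checks that an administrator could enforce: rejecting the SplashData top-25, rejecting passwords built from the site or application name, bucketing strength the way Trustwave does, and requiring more than eight characters. The following is an added example (not code from SplashData, Trustwave or either article) that implements those checks; the page defines only the "terrible" and "excellent" buckets, so the split between "bad" and "medium" used here is an assumption.

```python
# Password policy checks assembled from the two articles above (added example).

# The 25 passwords from the SplashData 2013 list on the page, verbatim.
SPLASHDATA_2013 = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789", "111111",
    "1234567", "iloveyou", "adobe123", "123123", "admin", "1234567890", "letmein",
    "photoshop", "1234", "monkey", "shadow", "sunshine", "12345", "password1",
    "princess", "azerty", "trustno1", "000000",
}


def character_classes(pw):
    """Which of the four classes (lower, upper, digit, symbol) the password uses."""
    kinds = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit}
    return {next((k for k, f in kinds.items() if f(ch)), "symbol") for ch in pw}


def classify(pw):
    """Bucket a password the way the Trustwave article does.

    'terrible' and 'excellent' follow the definitions on the page; the page does
    not define 'bad' and 'medium', so that split is an assumption made here.
    """
    classes = character_classes(pw)
    if len(pw) < 4 and (pw.isalpha() or pw.isdigit()):
        return "terrible"
    if len(pw) > 8 and len(classes) == 4:
        return "excellent"
    if len(pw) < 8 or len(classes) == 1:   # assumed definition of 'bad'
        return "bad"
    return "medium"                         # assumed definition of 'medium'


def check_policy(pw, site_name):
    """Return the reasons a password fails the page's advice; empty list means OK."""
    reasons = []
    low = pw.lower()
    if low in SPLASHDATA_2013:
        reasons.append("on the SplashData 2013 top-25 list")
    if site_name.lower() in low:                 # the 'adobe123' / 'photoshop' lesson
        reasons.append("based on the site or application name")
    if len(pw) <= 8:                             # 'more than eight characters'
        reasons.append("not longer than eight characters")
    bucket = classify(pw)
    if bucket in ("terrible", "bad"):
        reasons.append("strength bucket: " + bucket)
    return reasons
```

Run `check_policy("adobe123", "Adobe")` to see all three page rules trip at once, and `check_policy("Tr0ub4dor&3x", "Adobe")` for a password that passes.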