With weak passwords continuing, blame turns to security pros

"Jesus" was among the new entries in SplashData's annual list of worst passwords used on the Internet, as people apparently looked toward a higher authority to protect them against hackers.

Other equally unsafe passwords that made their debut Wednesday on the top 25 list of 2012 were ninja, mustang, and password1. Unchanged from last year in the top three slots were password, 123456, and 12345678, respectively. Rounding out the top 10 passwords were abc123, qwerty, monkey, letmein, dragon, 111111 and baseball.

SplashData, which makes password management applications, bases its list on millions of stolen passwords posted online by hackers. There have been several password hacks this year of high-profile sites, including Yahoo, LinkedIn, eHarmony and Last.fm.

While hacking tools get more sophisticated each year, many cybercriminals still prefer the low-hanging fruit when it comes to passwords. "Just a little bit more effort in choosing better passwords will go a long way toward making you safer online," SplashData Chief Executive Morgan Slain said in a statement.

People's use of guessable passwords has been a continuous threat for years. Many companies today have policies requiring stronger passwords, which often have to be changed every few months.

A 2006 study by the Software Usability Research Laboratory at Wichita State University found the majority of people use many unsafe password practices. They included never changing passwords, using the same one on multiple sites and never changing its complexity, even on an online banking account. More than half used personally meaningful words, such as names of children, pets or street names.

Jeremiah Grossman, founder and chief technology officer for WhiteHat Security, said people's use of weak passwords was not surprising. But rather than blame it on the user, he pointed the finger at information security professionals. "Information security have to take personal responsibility for telling people to do exactly the wrong thing," he said. "We're telling people to make up passwords that are hard for them to remember, but easy for machines to guess."

Rather than have people use random letters, numbers and symbols, Grossman recommends using long phrases that are memorable, such as a favorite line from a movie. "Easy to remember. Much, much harder to crack," he said.

When using words, SplashData recommends separating them with spaces or other characters, such as "eat cake at 8!" or "car_park_city?"
