
With weak passwords continuing, blame turns to security pros

"Jesus" was among the new entries in SplashData's annual list of worst passwords used on the Internet, as people apparently looked toward a higher authority to protect them against hackers.

Other equally unsafe passwords that made their debut Wednesday on the top 25 list of 2012 were ninja, mustang, and password1. Unchanged from last year in the top three slots were password, 123456, and 12345678, respectively. Rounding out the top 10 passwords were abc123, qwerty, monkey, letmein, dragon, 111111 and baseball.

SplashData, which makes password management applications, bases its list on millions of stolen passwords posted online by hackers. There have been several password hacks this year of high-profile sites, including Yahoo, LinkedIn, eHarmony and Last.fm.

While hacking tools get more sophisticated each year, many cybercriminals still prefer the low-hanging fruit when it comes to passwords. "Just a little bit more effort in choosing better passwords will go a long way toward making you safer online," SplashData Chief Executive Morgan Slain said in a statement.

People's use of guessable passwords has been a continuous threat for years. Many companies today have policies requiring stronger passwords, which often have to be changed every few months.

A 2006 study by the Software Usability Research Laboratory at Wichita State University found the majority of people use many unsafe password practices. They included never changing passwords, using the same one on multiple sites and never changing its complexity, even on an online banking account. More than half used personally meaningful words, such as names of children, pets or street names.

Jeremiah Grossman, founder and chief technology officer for WhiteHat Security, said people's use of weak passwords was not surprising. But rather than blame it on the user, he pointed the finger at information security professionals. "Information security have to take personal responsibility for telling people to do exactly the wrong thing," he said. "We're telling people to make up passwords that are hard for them to remember, but easy for machines to guess."

Rather than have people use random letters, numbers and symbols, Grossman recommends using long phrases that are memorable, such as a favorite line from a movie. "Easy to remember. Much, much harder to crack," he said.

When using words, SplashData recommends separating them with spaces or other characters, such as "eat cake at 8!" or "car_park_city?"
