As more and more people get online to chat, play, shop and bank, there has never been a more important time to be secure on the internet. Choosing a password is one decision that should be made very carefully, as cyber-criminals and website administrators continue to battle it out over stealing or safeguarding internet users’ details. Yet it seems that not everyone got the memo, as Irish news site thejournal.ie discovers.
Most of us are guilty of using passwords that may be easy to remember but are also easy for a hacker or disgruntled partner to crack. However, some password choices really take the biscuit, as thejournal.ie reporter Michelle Hennessy uncovered. Unbelievably, many still go for far from fail-safe choices like ‘123456’ and ‘password’. Slightly more witty surfers have opted for eclectic picks such as ‘monkey’ and ‘letmein’ to access their accounts.
Every year, mobile data company Splashdata releases a special list of the top easy-to-break passwords used by the public. All their data comes from lists of passwords placed online by hackers who have broken into websites. Last year’s list was influenced by a daring raid on the servers of software company Adobe in which several thousand passwords were leaked onto the Web.
The list of the worst passwords to use is as follows:
Splashdata released some valuable advice to go with their top 20 worst possible password choices. The company has recommended that users think up passwords with at least eight characters, and ideally aim to create a ‘pass-phrase’ rather than just a single word, using other characters and underscores to separate the words. Use a variety of characters and numbers to create your password; the more complicated, the better. Also avoid using the same password combination for multiple accounts. If a hacker gains access to one of your accounts, reuse only makes life easier for them when they realise that the key fits all the locks, and this can cause untold online damage and financial losses. It also goes without saying that if one of your passwords appears in the above list, or you have one that is just as simple, you are strongly advised to change it immediately.
Be careful when surfing, as some websites and downloads carry malware and trojans that can log keystrokes and send your password to a waiting hacker. Make sure your firewall is fully turned on and check that you have a current and updated anti-virus software package installed. Even if you use a common word such as ‘password’ and change the ‘o’ to a zero for example, Splashdata warns that hackers could still get in. The CEO of the company, Morgan Slain, said “Hackers can easily break into many accounts just by repeatedly trying common passwords.” Indeed, a select but growing number of enterprising password breakers have made use of customised hacking programs that can flick through an entire dictionary of words before finding the right one, often in a matter of minutes.
“Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft,” Slain added.
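The advice above (at least eight characters, no common passwords even with an ‘o’ swapped for a zero, no reuse across accounts) can be checked mechanically. The following is an added example, not code from the article or from Splashdata; the substitution table, function names and sample accounts are assumptions made for illustration.

```python
from collections import defaultdict

# Weak passwords named in the article (not Splashdata's full list).
COMMON = {"123456", "password", "monkey", "letmein", "111111"}
# Assumed look-alike substitutions, such as the 'o' -> zero swap described above.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 8  # minimum length recommended in the article

def normalise(password: str) -> str:
    """Lower-case the password and undo look-alike substitutions."""
    return password.lower().translate(LEET)

COMMON_NORMALISED = {normalise(p) for p in COMMON}

def check_password(password: str) -> list[str]:
    """Return the reasons one password fails the advice (empty if none)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if password.lower() in COMMON or normalise(password) in COMMON_NORMALISED:
        problems.append("common password")
    return problems

def audit(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Check every account and flag passwords shared between accounts."""
    users_of = defaultdict(list)
    for account, password in accounts.items():
        users_of[password].append(account)
    report = {}
    for account, password in accounts.items():
        problems = check_password(password)
        if len(users_of[password]) > 1:
            problems.append("reused")
        if problems:
            report[account] = problems
    return report

# Constructed sample data, not real credentials.
SAMPLE = {"mail": "P@ssw0rd", "bank": "l3tme1n",
          "shop": "purple_kettle_ferry_42", "forum": "purple_kettle_ferry_42"}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE).items():
        print(f"{account}: {', '.join(problems)}")
```

A long pass-phrase still gets flagged when it is shared between accounts, which is the "key fits all the locks" problem described earlier.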
Hackers in search of easy money and Dick Turpinesque status on the information superhighway made headlines last year. In December, two million passwords belonging to Facebook, Gmail and Twitter accounts were uncovered by an unknown group of hackers using a keystroke-logging virus and a Dutch server. The compromised accounts, which also included 6,000 remote log-ins and 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network protocol used when transferring big files), were being illegally accessed as early as October. The sites were forced to reset all the compromised passwords.
Also in that same month, American supermarket chain Target became the victim of a serious hack in which the credit and debit card details of 40 million online grocery shoppers were swiped. That was larger than the entire population of neighbouring Canada. Earlier in 2013, dating site Cupid Media had 42 million names, emails and ‘plaintext’ passwords lifted from its profiles. The hoarded cache of personal information was found by cyber investigators located on the same server as other stolen details from Adobe, PR Newswire, and the National White Collar Crime Center. This incident was described by technology news outlet Ars Technica as ‘one of the bigger passcode breaches on record’. The Cupid Media user records contained the usual assortment of weak passwords. More than 1.9 million accounts were protected by ‘123456’. Another 1.2 million used ‘111111’.
“Weird Wide Web: Bad passwords, printed chocolate and creepy human emojis” – Michelle Hennessy, thejournal.ie/Journal Media (26 January 2014)
“‘123456’ tops list of worst passwords of 2013” – Quinton O Reilly, Business ETC/Journal Media (20 January 2014)
“New study finds the 25 worst internet passwords” – thejournal.ie/Journal Media (20 November 2011)
“2 million Facebook, Gmail and Twitter passwords stolen in massive hack” – Jose Pagliery, CNNMoney/Cable News Network. A Time Warner Company (4 December 2013)
“2013 was a very hacked year” – Dave Neal, The Inquirer/Incisive Media Investments Limited (26 December 2013)
“Hack of Cupid Media dating website exposes 42 million plaintext passwords” – Dan Goodin, Ars Technica/Condé Nast (20 November 2013)
“What is internet security?” – BBC Webwise Learning and Knowledge Beta, BBC (6 June 2013)