A recent study has been released that analyzed over 32 million passwords that were posted on the Internet after a hacker broke into the ROCKYOU.COM website.
This is the first time a password study of this magnitude could be performed, and it confirmed a few things about users and the passwords they choose: PEOPLE ARE NOT PICKING SECURE PASSWORDS FOR THEIR ONLINE ACCOUNTS.
The most common password found online is typically 12345, although the ROCKYOU data had the most common password being 123456, with nearly 1 percent of the ROCKYOU users being that uncreative. Go figure – that extra digit made it that much harder to hack into the critical ROCKYOU website.
The top passwords used by those 32 million ROCKYOU users were:
Further analysis of the password data showed that 20 percent of the ROCKYOU users shared a total of just 5,000 different passwords. Aside from proving that ROCKYOU users really aren’t that creative or unique, it also shows that anybody who really wanted to break into ROCKYOU (or any system, it seems) doesn’t need a large set of candidate passwords to work from in order to get in somewhere.
(That “tigger” is on the list of most commonly used passwords should make Disney think about how little they’ve been promoting Tigger in their merchandise lines. But that is a different post for a different day.)
So what should you do to protect your accounts? The obvious answer is to stay away from any of those most common passwords.
Security experts recommend using a password that is at least 12 characters long, and is a combination of upper- and lower-case letters, and includes at least one number and one non-alphanumeric character. Anything that can’t be found in a dictionary is best.
Some users find it helps to take a favorite quote or sentence from a book and use just the first character of each word as the password. So using Shakespeare’s “To be or not to be, that is the question” as your source, your password would become tbontbtitq.
Throw in some numbers or punctuation (becoming 2bon2bt!tq, for example), and you’ll have a strong password that could withstand an initial hacking attempt and not be found in any common password listings.
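As an added example (not from the original post), here is a small Python script that builds the first-letter mnemonic from a sentence and checks a candidate password against the rules above. The word-substitution map and the short common-password sample are constructed assumptions; a real common-password list runs to thousands of entries.

```python
import re
import string

# Constructed sample of a common-password list (real lists are far longer).
COMMON_PASSWORDS = {"123456", "12345", "password", "tigger", "iloveyou"}

# Whole-word substitutions mirroring the post's example ("to" -> "2",
# "is" -> "!"). This map is an assumption, not a standard scheme.
WORD_SUBSTITUTIONS = {"to": "2", "is": "!"}


def mnemonic_password(sentence, substitutions=None):
    """Return the first character of each word, applying optional whole-word
    substitutions. Punctuation in the sentence is ignored."""
    subs = substitutions or {}
    words = re.findall(r"[A-Za-z']+", sentence.lower())
    return "".join(subs.get(w, w[0]) for w in words)


def policy_violations(password, common=COMMON_PASSWORDS, min_length=12):
    """Return the list of recommended rules the password breaks.
    An empty list means the password passes every check."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no non-alphanumeric character")
    if password.lower() in common:
        problems.append("appears in common-password list")
    return problems


if __name__ == "__main__":
    quote = "To be or not to be, that is the question"
    plain = mnemonic_password(quote)
    mixed = mnemonic_password(quote, WORD_SUBSTITUTIONS)
    for candidate in ("123456", "tigger", plain, mixed):
        print(f"{candidate!r}: {policy_violations(candidate) or 'passes'}")
```

Note that the post's own example, 2bon2bt!tq, still fails the 12-character and upper-case rules, so a longer source sentence or a capitalised letter or two is needed before it meets the full recommendation.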