Saturday, January 23, 2010

And the loser is...

Remember the RockYou breach I told you about back in December? There may have been a beneficial result. Since the hacker published all 32,000,000 passwords he stole, it was possible for the people at Imperva to analyze them and find out what the most common passwords are. Of course, being the most common, they are the worst possible passwords to use. The free report is available here.

The report is worth reading, if only for the top 20 list. Here's a sample:

#1 123456

I think that is the first thing tried, after 'password', when guessing passwords.

#20 QWERTY

And this is probably about #10 on the list of passwords to try when guessing.

Remember to use strong passwords. Imperva estimates that it would be possible for an attacker to crack 1000 RockYou accounts every 17 minutes. That would be all 32,000,000 accounts cracked in less than 2 weeks. Ok, not all accounts, because there were some strong passwords among them.

Strong passwords consist of at least 8 characters and are made of upper and lower case letters, numbers and special characters. Make all your passwords strong passwords.
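As an added example (not code from the post or from Imperva), here is a Python check that enforces the rule above and also rejects the common passwords the post names. The three-entry deny-list and the `_core` stripping heuristic are my assumptions: a real deployment would load the full top-N list from the report.

```python
import string

# Constructed deny-list: the common passwords mentioned in the post.
# A real check would load the complete list from the Imperva report.
COMMON_PASSWORDS = {"123456", "password", "qwerty"}

MIN_LENGTH = 8


def _core(pw: str) -> str:
    # Strip leading/trailing digits and punctuation so that decorated
    # variants such as 'Password1!' are compared to the list as 'password'.
    # This is a heuristic added here, not something the post prescribes.
    return pw.strip(string.digits + string.punctuation).lower()


def check_password(pw: str) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    # Deny-list lookup is case-insensitive, so 'QWERTY' is caught as well as 'qwerty'.
    if pw.lower() in COMMON_PASSWORDS or _core(pw) in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    # The four character-class rules and the length rule from the post.
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no digit")
    if not any(c in string.punctuation for c in pw):
        problems.append("no special character")
    return problems


def is_strong(pw: str) -> bool:
    return not check_password(pw)


if __name__ == "__main__":
    for candidate in ("123456", "QWERTY", "Password1!", "Tr0ub4dor&3"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that 'Password1!' satisfies every character-class rule yet is rejected, which is why a deny-list belongs beside the composition rule.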