SECURITY RESEARCHERS studying the people who were caught by the Hotmail phishers have worked out which passwords were most common.
More than 10,000 people were hacked and their password details revealed on the world wide wibble, which gives researchers a good population sample for studying how passwords are used.
Bogdan Calin of Acunetix grabbed the passwords before the data was wiped.
He found that "123456" was the most commonly used password, appearing 64 times.
Just under half the population used only lowercase letters from "a" to "z" and only six percent mixed alphanumeric and other characters.
The top 20 passwords were Spanish names, such as Alejandra and Alberto, suggesting that the victims were Hispanic. This also suggests that people tend to use either their own name or the name of someone they know.
Nearly 2,000 of the passwords were only six characters long, which made them easy to hack. However, the longest, "lafaroleratropezoooooooooooooo", was revealed in the phishing scam, so the owner's care was wasted. µ
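The tallies reported above (most common password, character-class mix, length distribution) are the sort of audit a defender can run over any disclosed credential list. The sketch below is an added example, not Acunetix's code; the sample list, function names and class labels are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample for illustration; not taken from the leaked list.
SAMPLE = ["123456", "123456", "alejandra", "alberto", "tequiero",
          "Verano2009", "abc123", "m!Casa_09", "654321", "estrella"]

def charset_class(pw):
    """Label a password by the character classes it draws on.

    Only ASCII ranges count as letters or digits, so accented
    characters fall into the last bucket.
    """
    if not pw:
        return "empty"
    if re.fullmatch(r"[a-z]+", pw):
        return "lowercase only"
    if re.fullmatch(r"[0-9]+", pw):
        return "digits only"
    if re.fullmatch(r"[A-Za-z]+", pw):
        return "mixed-case letters"
    if re.fullmatch(r"[A-Za-z0-9]+", pw):
        return "alphanumeric"
    return "alphanumeric plus other characters"

def audit(passwords, top_n=3):
    """Return the most common passwords, class shares (%) and length counts."""
    if not passwords:
        raise ValueError("empty password list")
    total = len(passwords)
    classes = Counter(charset_class(p) for p in passwords)
    lengths = Counter(len(p) for p in passwords)
    return {
        "total": total,
        "top": Counter(passwords).most_common(top_n),
        "class_share": {k: round(100 * v / total, 1) for k, v in classes.items()},
        "length_counts": dict(sorted(lengths.items())),
    }

if __name__ == "__main__":
    report = audit(SAMPLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```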
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
(Well, almost...)
You said it before I could. Now I have to change the combination on my luggage.
So the combination is... one, two, three, four, five? That's the stupidest combination I've ever heard in my life! The kind of thing an idiot would have on his luggage!
(Well, reminded me of Spaceballs anyway...)
Reminded me too...
Except I think Spaceballs was even less secure... Only went to 4.
I can't believe it :) I am one of the 64, hehe.
But here's a catch, it's a /dev/null email account I use to give to sites which refuse to serve me stuff without registering, so it's a sink for their spam crap.
I wouldn't be so quick to judge us all idiots, not everyone wants or needs a high level security and policy for every authenticatable piece of asset we have. Hotmail account is definitely not one.
If you want a /dev/null email account, why not use mailinator? Then you don't need a password at all.
HTH.
I think the fact that the most common passwords were 123456 and names says more about the type of person that gets caught out by a phishing scam than anything meaningful about password usage in general. I.e. they are stupid bastards!
....my password is 12345678. So I'm safe, but don't tell anyone : )
Uno, dos, tres, quatorce
I'm assuming this isn't a math article, is it? Is it?
I'm just keeeeeeding! .. it's just a yoke!
Ay, pipa!
Yo Basta! I'm just KEEEEEDING!!!
Thanks for broadcasting my password to everyone, scumbags. Now I need to change my name.
"why not use mailinator? "
It's blocked by some websites, whereas Hotmail is never blocked from a registration form.
I am surprised that 123456 was only used 64 times. I expected a lot more. Are there less idiots than I thought?
If It's So Easy, How Come 2/3 of ALL Microsoft O/S Installs Fail due to BAD Password or Activation, not Even Over Activated or used In ANY Meaningful Way, Just PLAIN OLD STOLEN.
Each Retail Activation Should Go into User Account with SAY 50 Activation Credits or XMachines w/Unlimited, say 3 credits per. Any Extras Roll Over Because Right now MICROSOFT INC Is Committing theft Upon Buying Public of Its product.
drasehk
It is only for forums that require registration to view posts, so nothing lost if they hack my account. Most they can do is try to ruin my rep, but I have none to begin with.
I think the reason it is 123456 is because the minimum length commonly implemented in web apps & forum/bbs systems is 6 chars, and it is easiest to count to 6 using, what else, numbers.
I don't think any of the 123456 accounts were of any importance to the people who owned it.
Courtesy of pwgen:
Uch8ajou tha3Quoa ELo4eifu chah1Sho Ue4aithi Teshai7i Pie1aexo eh7iPh4o
ieTu8rei aeg2Hohs ahFopeu6 aePhi8ae OhPie9ii Cu2oos0p Vohch5vu oungi1iR
lia9Toog Ach9ekah OQuoh7ei ohgoY9ER IFei8ohN aich9Eev aB0oovah Te5iuFoo
And there's plenty more where that came from.
And yes, it’s OK to write down your passwords if you can’t remember them! Just keep that piece of paper safe. You know how to keep your credit cards and your house keys safe, right? So put your passwords in the same place.