Study of the Worst Passwords Reveals People Are Not Paying Attention

August 19, 2016

Every year someone does a study to find out the worst passwords on the web for that year. For the first few months of this year, Salted Hash looked at over a quarter of a million passwords and let out a big sigh. No matter how much discussion surrounds how important it is to have strong passwords, how to create them, why it’s important to change them regularly, and why each online account should have a different one, the message doesn’t seem to get through. In fact, the number one password in 2013 was exactly the same as the number one password they found this year, and it's terrible.

Salted Hash collected phishing logs that the company found on the Dark Web. The sample they examined included companies such as Apple, Microsoft, Google, PayPal, and social media and banking account login details. They hoped to see improvements, but alas, they were sorely disappointed.

People go to great lengths to make sure their homes are protected: deadbolt locks, security systems, big and noisy dogs, for example. But when it comes to protecting online accounts, they seem to think it’s not as important. Yet if someone with bad intentions gets your online banking or PayPal credentials, the damage could be very significant. It is an intrusion into your financial home.

Take some time to create strong passwords and phrases and to change them regularly. Do this at least quarterly, if not more often. Reusing the same credentials for several years means that if stolen data shows up on the Dark Web two, three or more years after it was stolen, as it did with LinkedIn, someone could still get into your account.

And before you just toss aside the significance of someone getting into your LinkedIn account, think about some of the information that is included in your profile:
• Your name
• Your title or function
• Your city
• Your employer
• Your previous employers
• Referrals that may have useful details
• Your hobbies
• Your email address(es)
• Your connections and often their relationship to you

While this is public, it also makes you trustworthy. And if a cyber criminal wanted to go spear-phishing, he or she would have a lot of information with which to start targeting your connections right there inside LinkedIn from your account.

Of course we don’t need to tell you what can happen if someone gets your four-year-old login credentials to your bank account. So take some time to change it. Use at least eight characters, upper and lower case letters, numbers, and special characters.

The top five passwords in Salted Hash’s list were very uncreative. They included “123456789” and three variations of it, but the digits were still in order. The only departure from this pattern was in the number 4 spot. That was “filosofia.” So, don’t delay. Change your passwords if you haven’t done it within the past three months. Go ahead. Do it right now. We’ll wait.
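As an added example that is not from the article or from Salted Hash’s study, the Python below turns the advice above into a check a login or account-registration form could run: it rejects the ordered-digit passwords and “filosofia” that sat at the top of the list, enforces the eight-character mixed-class rule, and flags credentials older than the quarterly rotation period. The denylist entries are constructed samples modelled on the article’s description, not the study’s actual list.

```python
import re
from datetime import date, timedelta
from typing import List

# Constructed denylist: the article says the top five were "123456789",
# three ordered-digit variants of it, and "filosofia" in the number 4 spot.
# The exact variants are not given, so these are assumed examples.
COMMON_PASSWORDS = {"123456789", "12345678", "123456", "1234567890", "filosofia"}

ROTATION_DAYS = 90  # the article's "at least quarterly"


def is_ordered_digit_run(pw: str) -> bool:
    """True if pw is all digits and every digit is the previous one plus 1."""
    if len(pw) < 2 or not pw.isdigit():
        return False
    return all(int(b) - int(a) == 1 for a, b in zip(pw, pw[1:]))


def check_password(pw: str) -> List[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("appears on the leaked top-passwords list")
    if is_ordered_digit_run(pw):
        problems.append("is an ordered digit sequence")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lowercase letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no uppercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    return problems


def needs_rotation(last_changed: date, today: date) -> bool:
    """True if the credential is older than the quarterly rotation window."""
    return today - last_changed > timedelta(days=ROTATION_DAYS)


if __name__ == "__main__":
    for candidate in ("123456789", "filosofia", "Tr0ub4dor&3x!"):
        print(candidate, "->", check_password(candidate) or "OK")
    print("stale:", needs_rotation(date(2016, 1, 1), date(2016, 8, 19)))
```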

© Copyright 2016 Stickley on Security