02/03/2016

The Worst Passwords of 2015 Revealed

by Neil Farquharson


By now, our regular readers know how much I love to study the follies of the human condition: how intelligent people sometimes do the silliest of things. For example, the police who searched the home of Adam Magee for a robber and, finding no-one, declared the house clear and then left - the robber was hiding under the bed.

Then there is poor Gregorio Iniguez, once the general manager of the Chilean mint. The agency that presses Chilean coins minted 1.5 million 50-peso coins with Chile spelled “CHIIE.” The blunder cost Señor Iniguez his job, and the coins remain in circulation to this day.

Then there are the improbably obvious passwords that people use to “protect” their on-line accounts. You may remember this blog from last February when I reported on SplashData’s list of the worst passwords of 2014. It caused so much frivolity around the office here at Zix Central, I thought I’d review SplashData’s new 2015 list.

Still at Number One this year, we have the world’s favorite password: 123456. While at number three comes 12345678, closely followed by 12345, 123456789, 1234 and 1234567 – can you see a pattern emerging here? More interesting entries, still in the top 25 worst passwords of 2015, are password, qwerty, login and that other old favorite, baseball. And I am particularly pleased to see a new entry, starwars, being a big fan myself.

It is all well and good agreeing on the importance of security, but people need access to their accounts, their information, their data NOW! For most employees in the workplace, being productive means there is no time left for complex, non-value-adding tasks. Tasks such as keeping a list of difficult-to-crack passwords. This is why, as much as possible, security should be automated.

In general, users are getting better at creating passwords. Brute force attacks used to go through the dictionary - aardvark, abacus, abandon and so on – and people’s names such as Abagail, Abbi, Aby etc. We countered this by adding a special character and a number to create passwords such as Joseph$3. The trouble is that password cracking algorithms now routinely break these passwords too. They expect a word or name followed by a character followed by a one-to-four-digit number, hence to protect yourself you need to rearrange your passwords. For example, bring the numbers to the beginning instead of the end, salt the password throughout with special characters, and don’t use names, place names or English words.

But do pick something that is easy to remember. For example, pick a favorite song for which you know some of the lyrics – Pharrell Williams, Taylor Swift, Andrea Bocelli, it’s up to you. Pick a memorable date too and go from there. For my example, I am picking the U.S. National Anthem, adopted in 1931. I shall put the numbers at the beginning, but substitute the character ! for the ones to give !93!. Next I’m going to take the first letter of the first few words: O say can you see, by the dawn's early light.

However, you need to insert a factor unique to you – something no-one else can guess. As an example, when I was very young, I’d mishear the national anthem being sung on television. I thought people were singing about a young man named José who had vision problems. Hence I thought I heard: José can you see, by the dawn's early light. Thus for my example, the password I will never forget is !93!Jcysbtdel.

And now it is your turn…
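Since security should be automated where possible, here is one way to screen a new password at signup for the predictable shapes discussed above: entries from the worst-passwords list, digit-only strings, bare dictionary words or names, and the word-plus-character-plus-number pattern. This is an added example, not part of the original post; the function name `screen_password` and the small `SAMPLE_WORDS` list are assumptions made for illustration.

```python
import re

# Passwords the article quotes from SplashData's 2015 list.
WORST_2015 = {"123456", "12345678", "1234567", "password", "qwerty",
              "login", "baseball", "starwars"}

# Constructed stand-in for a real dictionary and name list (assumption).
SAMPLE_WORDS = {"aardvark", "abacus", "abandon", "abbi", "joseph"}

# A run of letters, then one special character, then a one-to-four digit
# number: the "Joseph$3" shape the article says crackers now expect.
WORD_SYMBOL_DIGITS = re.compile(r"^[A-Za-z]+[^A-Za-z0-9\s]\d{1,4}$")


def screen_password(candidate):
    """Return the reasons a password is predictable; empty list if none matched."""
    reasons = []
    lowered = candidate.lower()
    if lowered in WORST_2015:
        reasons.append("on worst-passwords list")
    if candidate.isdigit():
        reasons.append("digits only")
    if lowered in SAMPLE_WORDS:
        reasons.append("dictionary word or name")
    if WORD_SYMBOL_DIGITS.match(candidate):
        reasons.append("word + symbol + 1-4 digits")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, all taken from the article's own examples.
    for pw in ["123456", "starwars", "12345", "Abbi", "Joseph$3", "!93!Jcysbtdel"]:
        found = screen_password(pw)
        print(f"{pw!r}: {', '.join(found) if found else 'no predictable pattern matched'}")
```

An empty result only means none of these specific patterns matched; it is not a measure of strength.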

Filed under: Data, Passwords, Privacy, security

