There is clear evidence that people choose simple passwords for comfort rather than security. Two events have shown that most people do not make the necessary effort to protect their data online.
Back in October, Adobe announced that their servers and system had been infiltrated and more than 38 million user accounts an passwords had been stolen. Analysis of the data stolen from Adobe revealed that the most common password user by account holders was “123456”. Approximately 1.9 million account holders used this password.
Another event that recently happened was the discovery of a trove of 2 million social media passwords, including Facebook, Google+, and twitter accounts, by security experts Spiderlab. They discovered the trove residing on a criminal cyber network. Upon analysis of the data, it was evident that the vast majority of passwords were “more terrible passwords than excellent ones, more bad passwords than good, and the majority, as usual, is somewhere in between in the Medium category.” Spiderlab is working with the social media network who are notifying all users that their account details have been compromised.
From analysis of the trove it is clear that individual do not put too much effort when selecting passwords. Most people will choose a password that are easy to remember rather than secure.
Below is a list of the 20 most popular passwords in the hands of the Adobe hack (Spiderlab’s top 10 is similar). Any person who has chosen these passwords is essentially inviting hackers for a free lunch and asking them to steal their data.
- 123456
- 123456789
- password
- admin
- 12345678
- qwerty
- 1234567
- 111111
- photoshop
- 123123
- 1234567890
- 000000
- abc123
- 1234
- adobe1
- macromedia
- azerty
- iloveyou
- aaaaaa
- 654321
If you have chosen any of the passwords listed above, it is highly recommended that you change your immediately. Here are a few tips on how to create and choose a strong password.
What not to do when choosing a password
Do not choose a password based upon personal data like your name, your username, or other information that one could easily discover about you from such sources as searching the internet.
Do not choose a password that is a word, proper name, name of a TV show, keyboard sequence, or anything else that one would expect a clever person to put in a “dictionary” of passwords.
Do not choose a password that is a simple transformation of a word, such as putting a punctuation mark at the beginning or end of a word, converting the letter “l” to the digit “1″, writing a word backwards, etc. For example, “password,123″ is not a good password, since adding “,123″ is a common, simple transformation of a word.
Do not choose passwords less than 8 characters long or that are made up solely of numbers or letters. Use letters of different cases, mixtures of digits and letters, and/or non-alphanumeric characters.
The best method for choosing passwords
The single best method for generating passwords is to do the following:
Make up a sentence you can easily remember. Some examples:
- I have four nephews: John, Edward, Linda, and Carol
- I would like to eat John and Darma’s banana cake.
- No, the model of my first car was a Toyota!
Now take the first letter of every word in the sentence, and include the punctuation. You can throw in extra punctuation, or turn numbers into digits for variety. The above sentences would become:
- Ih4n:JeLc
- Iwl2eJaDbc.
- N,tmomfcwaT!
This method of choosing a password is fairly secure and at the same time easy to remember.
Why it is important to have strong passwords
It is common practice for hackers to attempt to break-in to systems and guess people’s passwords. Sometimes they do succeed, and when they do, more often than not, it is because individuals are using weak or poor passwords. Once your account user details have been compromised can result in significant downtime, lost work, and loss of privacy (for example, if you store your credit card details or banking details on your computer). It could also lead to identity theft which, in turn, could lead to bad credit report and take years to resolve and restore your credit ratings. Hackers often try to install keyboard sniffers which permit them to harvest additional information and passwords and place more machines at risk. Hackers also conduct dictionary attacks against a host’s password database and try out tens of thousands of potential passwords per second.
Good security advice and tips
- Never believe that you have won a lottery because your email address was chosen.
- Be suspicious of any e-mail that comes from someone you don’t know personally.
- Never click on a link in a suspicious e-mail.
- Never give social security numbers, account numbers, passwords, or driver’s license numbers over the internet or in an e-mail.
- Safeguard use of credit cards on the internet for purchases. Only buy from businesses you know. When submitting credit card information make sure that the Web site is secure.
- Make sure your browser is up to date and apply security patches as they become available.
- Sign up for the Do Not Call list.
- Check your credit report at least once a year.
- Pay close attention to your bank statements and financial affairs.
- Avoid using public terminals (such as Internet cafes) for Internet banking or sensitive business work.
- Be aware of the higher risk of interception during a wireless connection. Only make use of wireless hotspots if you are certain of the integrity of the connection.
- Install and update anti-virus and spyware programme and perform regular system scans.
- Never access the site via a link. Rather type the address into the browser address bar or save the address as a ‘Favorite’.
- While you are logged into your online bank account, do not open any other websites. Only have a single browser window open and remember to logout.
- When you complete your online banking tasks for example, log off, clear browser cache, and close the browser window.
- Choose a User ID and password that cannot be easily guessed and change these on a regular basis.
- Always update your computer software.
- Check for the padlock in the lower right of your browser window (it indicates a secure site). You can click on this padlock to verify the site ‘owners’.
- Never provide your password over the Internet (by email) or over the telephone to anyone.
Source: Adobe.com, FNB.co.za
© 2013, My Dream Course. South Africa – My Dream Course. All rights strictly reserved. No part of this website may be reproduced or transmitted in any form or by any means, electronic, or mechanical, or recording or stored in any retrieval system, without the written permission of the editor. However, direct links to the site or articles may be used.
Follow Us!