The last year has taught us lessons on digital security on multiple occasions. Be it the case of constant attacks by the Lizard Squad on PlayStation Network and Xbox Live or hackers leaking a comprehensive Snapchat database, the message has been loud and clear: nobody on the internet is ‘safe’. You would expect people to be extra cautious about their security as a result, right? SplashData has released its list of the most common passwords on the internet in 2014. Trust me, it tells a completely different tale; one that of carelessness and laziness.
Let’s amuse ourselves with the rather embarrassing list:
- 123456
- password
- 12345
- 12345678
- qwerty
- 123456789
- 1234
- baseball
- dragon
- football
- 1234567
- monkey
- letmein
- abc123
- 111111
- mustang
- access
- shadow
- master
- michael
- superman
- 696969
- 123123
- batman
- trustno1
Believe it or not, the password, ‘password’ took first place in the list of most common passwords in 2013. It might be a minor consolation for some to see that people have resorted to typing numbers instead. Interestingly, eight of these passwords in the list are all integers and a few others that are alphanumerical passwords.
There is no denying that the password system requires an overhaul but its baffling to see people putting their security at risk like this. It makes one question how difficult and time-consuming is it exactly to come up with a more ‘complex’ password that doesn’t straight up spell ‘password’, ‘dragon’ or ‘monkey’.
For the love of all that’s holy, you could even pick these absurd passwords and twist them in a way they are not so obvious. For instance, those who are hell bent on using ‘monkey’ could perhaps spell it backwards and add random numbers. Something like this: ‘y0e9k8n7o6m’.
Moreover, those adamant on using numbers could add random alphabets in there to make it hard to hack. For instance: ‘u1h2g3k4l5’. Remember, this is the least you can do to save your identity from being compromised. If you are so frivolous about it all, you are simply inviting a hacker in your territory.
What to expect from common people?
Ummmm, common sense :p
well said. please also add gonawazgo in the list
that’s why all of my passwords are in Roman sindhi.. :D crack that Baba Bholro..
Sorry but you lose. I read an article yesterday where one person had a phrase (not one word but several words) from a poem in Afrikaans and his account was safe for years but finally it was hacked. It was the passphrase to an online Bitcoin wallet so he lost lots of money.
Do you think your roman Sindhi will save you??? Passwords are simply not enough.
yaar Shaid Saleem payee!! I was being cynic. but to go into argument re Passwords simply aren’t enough! then what you purpose we do? clearly not all web spheres support “PHYSICAL SECURITY OPTIONS” i.e. eye scan or facial scans or Bio-metric etcetra.. You’ve to give your best shot to atleast make hackers do some effort to bypass your security no?
Its because now a days every tom, dick and harry website needs a password, and it is not easy for a normal to keep a track of all passwords with their relevant websites. And I would never make a universal password for my facebook or bank account and any website like ProPakistani. I am here to read some good stuff but don’t want to share my important password, so just to log in i insert 123456 sometimes or whatever. Don’t try this password, it was just an example :P
There are many password generators and storage systems. Some of them work with Chrome or Firefox in browsers. Some can be installed on your phones
Try 1Password for example.
That’s why I use Lastpast, all passwords are well protected with 50-100 complicated characters.
You have false security. Believe me, your password can be broken if the server does not use something like PBKDF2 to store your encrypted form of passwords.
If you want real security use TOTP or HOTP:
Time-based One-time Password Algorithm
It is a FREE and OPEN standard and you can get clients for it that work on your desktop computer or on your phone (Android iPhone probably also Windows mobile). Anyone can implement it. It does not take hard to implement on server as well. In fact, even Unix services like SSH can be protected with TOTP. Websites can get plugins to support it, I have seen WordPress plugins for example.
It is the same standard used by 2FActor Authentication like what Google uses.
Your idea sounds good but unfortunately I’m unable to understand how it is implemented. I haven’t ever heard of TOTP or HOTP words in my life :D. If I don’t have an Android phone at a time to log in on a website then what I will do? I have read many articles about that but I didn’t find a single desktop software that can perform this technique as you mentioned. Does it has the same speed to log in on a website like Lastpass.
I want to know the followings things:
1. Which software is required to implement the codes?
2. Does it work without a phone?
3. HOTP in which password doesn’t change whereas TOTP seems more secure because it alters password automatic, but how does it change automatic even If I sleep? even If I haven’t an Android phone?
4. Are its passwords protected in a cloud base server like Lastpass or somewhere else?
5. Is it important to have an Android or Windows phone to use this exotic technology?
Your idea sounds good but unfortunately I’m unable to understand how it is implemented. I haven’t ever heard of TOTP or HOTP words in my life :D. If I don’t have an Android phone at a time to log in on a website then what I will do? I have read many articles about that but I didn’t understand the logic as well as I didn’t find a single desktop software that can perform this technique as you mentioned. Does it has the same speed to log in on a website like Lastpass.
I want to know the followings things:
1. Which software is required to implement the codes?
2. Does it work without a phone?
3. HOTP in which password doesn’t change whereas TOTP seems more secure because it alters password automatic, but how does it change automatic even If I sleep?
4. Are its passwords protected in a cloud base server like Lastpass or somewhere else?
5. Is it important to have an Android or Windows phone to use this exotic technology?
6. Can it work as a realtime to put my password into the box?
Create your own headlines!! That’s copy paste from Mashable and other tech blogs.
i want to know where these passwords been attained from, i use simplest of the passwords on things that doesn’t need security in my opinion, i want ease.
for example major emails sites doesn’t accept 6 digits or just letters.
i use 123456 / 12345678 for things like netflix / amazon app store and things like that, even disqus, if these passwords are ending up in that security list. than this security list is not as conclusive or stupid as it seems now. i actually wanted them (passwords) simple and stupid.
a common password among new user of facebook 123pakistan,123 pak, pakistan123, impakistani :P
ah han,..
but you missed my password that I used as newbie of internet user.
“abcd1234” :D
Do not try to remember passwords: anything memorable is also predictable. Use randomly-generated passwords and write them down, or use a password safe.