Adobe Hack Proves Dumb People Still Use Terrible Passwords

The stupidest password mistake you can make is to use an obvious password such as a sequence of consecutive numbers or the word 'password'. Data from the recent hack of Adobe's customer database demonstrates that stupidity remains rampant.

Stupidity picture from Shutterstock

Analyst Jeremy Gosney of the Stricture Consulting Group analysed a dump file of the leaked passwords, which are now thought to number at least 38 million. These were the 20 most common in his analysis:

  1. 123456
  2. 123456789
  3. password
  4. adobe123
  5. 12345678
  6. qwerty
  7. 1234567
  8. 111111
  9. photoshop
  10. 123123
  11. 1234567890
  12. 000000
  13. abc123
  14. 1234
  15. adobe1
  16. macromedia
  17. azerty
  18. iloveyou
  19. aaaaaa
  20. 654321

While we'd always advise anyone whose passwords had been potentially compromised to change them, no-one should have been using these passwords in the first place — and ideally IT pros should be setting up systems that block the most obvious offences.

[via BBC]


Comments

    Not a single symbol amongst them!

    Not even a [email protected] - I am appalled! That is the most secure password I have ever seen. (According to fabrikam/contoso employees, apparently).

    Most of these are probably just shill accounts.

    Well why does Adobe accept the creation of such passwords in the first place? Most everywhere has some password creation criteria these days (eg. alphanumeric with at least one uppercase letter and at least one number and/or symbol.)

    Last edited 06/11/13 11:19 am

      Educate people about the quality of their password, but don't enforce it on them - If I'm just setting up a throw-away account, there's no point creating a unique complex password. A minimum password length is mostly just to make brute forcing a web service sufficiently low-yield.

      Assuming the passwords are hashed and stored correctly (and in this case they weren't), then just focus on keeping your services secure. A user is responsible for their chosen level of security.

    Best site for a randomised password:

    https://www.grc.com/passwords.htm

    Macromedia, there's a name I haven't heard in years!

Join the discussion!

Trending Stories Right Now