The stupidest password mistake you can make is to use an obvious password such as a sequence of consecutive numbers or the word ‘password’. Data from the recent hack of Adobe’s customer database demonstrates that stupidity remains rampant.
Analyst Jeremy Gosney of the Stricture Consulting Group analysed a dump file of the leaked passwords, which are now thought to number at least 38 million. These were the 20 most common in his analysis:
- 123456
- 123456789
- password
- adobe123
- 12345678
- qwerty
- 1234567
- 111111
- photoshop
- 123123
- 1234567890
- 000000
- abc123
- 1234
- adobe1
- macromedia
- azerty
- iloveyou
- aaaaaa
- 654321
While we’d always advise anyone whose passwords had been potentially compromised to change them, no-one should have been using these passwords in the first place — and ideally IT pros should be setting up systems that block the most obvious offences.
[via BBC]
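One way to implement the blocking recommended above, as an added example (not code from the article or from Adobe): it refuses the 20 listed passwords and also near-variants of them. The function name, `CONTEXT_WORDS` and `RUNS` are assumptions made for this example; a real deployment would supply its own service-specific words and a much larger list.

```python
import re

# The 20 most common passwords from the list above, copied as given.
TOP_20 = frozenset("""123456 123456789 password adobe123 12345678 qwerty 1234567
111111 photoshop 123123 1234567890 000000 abc123 1234 adobe1 macromedia azerty
iloveyou aaaaaa 654321""".split())

# Assumption: words tied to the service itself, chosen by whoever deploys the check.
CONTEXT_WORDS = ("adobe", "photoshop", "macromedia")

# Runs that users walk along: digits (wrapping 9 -> 0), alphabet, top keyboard rows.
RUNS = ("01234567890", "abcdefghijklmnopqrstuvwxyz", "qwertyuiop", "azertyuiop")


def reject_reason(password, context_words=CONTEXT_WORDS, blocklist=TOP_20):
    """Return why a candidate password is refused, or None if it passes."""
    p = password.lower()
    if p in blocklist:
        return "blocklisted"
    # One unit repeated to fill the string: 111111, 123123, abcabcabc.
    if re.fullmatch(r"(.+?)\1+", p):
        return "repeated pattern"
    # Forward or reversed slice of a well-known run: 7654321, qwertyui.
    if len(p) >= 3 and any(p in run or p[::-1] in run for run in RUNS):
        return "sequence"
    # Service name with digits or symbols bolted on: Adobe2013!, photoshop99.
    letters = re.sub(r"[^a-z]", "", p)
    if letters in context_words:
        return "service name"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the leaked data.
    for candidate in ("PASSWORD", "Adobe2013!", "7654321", "abcabcabc",
                      "correct horse battery staple"):
        print(f"{candidate!r}: {reject_reason(candidate) or 'accepted'}")
```

With the list disabled (`blocklist=()`), the pattern rules alone still refuse 17 of the 20 entries; only `password`, `abc123` and `iloveyou` need the list.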
Comments
8 responses to “Adobe Hack Proves Dumb People Still Use Terrible Passwords”
Not a single symbol amongst them!
Not even a pass@word1 – I am appalled! That is the most secure password I have ever seen. (According to fabrikam/contoso employees, apparently).
Most of these are probably just shill accounts.
Well why does Adobe accept the creation of such passwords in the first place? Most everywhere has some password creation criteria these days (eg. alphanumeric with at least one uppercase letter and at least one number and/or symbol.)
Educate people about the quality of their password, but don’t enforce it on them – If I’m just setting up a throw-away account, there’s no point creating a unique complex password. A minimum password length is mostly just to make brute forcing a web service sufficiently low-yield.
Assuming the passwords are hashed and stored correctly (and in this case they weren’t), then just focus on keeping your services secure. A user is responsible for their chosen level of security.
Best site for a randomised password:
https://www.grc.com/passwords.htm
Macromedia, there’s a name I haven’t heard in years!
I think my uncle knows it. He said it was dead.
Nice.