IT professionals have long known that most users choose insecure passwords. This fact was proven once again by an analysis of over 32 million passwords—released on the Internet as part of a data breach a RockYou.com. Imperva, a data security firm, analyzed the data and discovered, among other things, that over 290,000 users had a password of "123456".
Here are the top 10 passwords by popularity:
- 123456 - 290,731 users
- 12345 - 79,078 users
- 123456789 - 76,790 users
- Password - 61,958 users
- Iloveyou - 51,622 users
- Princess - 35,231 users
- Rockyou - 22,588 users
- 1234567 - 21,726
- 12345678 - 20,553
- abc123 - 17,542
Imperva's analysis also showed that about 30 percent of users had passwords with six of fewer characters and nearly half of users "used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, an so on)." Considering the above information, can passwords ever be secure? Is it time for a new security mechanism? What should that new authentication mechanism be?
Here are a collection of password resources and discussions from other areas of TechRepublic:
- Gates: Passwords passe
- Gmail password reset options a security hole
- Security 101 - Remedial Edition: Use strong passwords
- Help users create complex passwords that are easy to remember
- How does bad password policy like this even happen?
- Use the Firefox password manager
- Help consulting clients create strong password policies
- Automatically generate and assign strong passwords in Windows XP
- Store passwords with pwsafe
- Removing stored passwords in Windows XP
- Lock IT Down: Creating passwords that are secure and easy to remember
- Are you in favor of password management software?
Bill Detwiler has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the social research and energy industries. He has bachelor's and master's degrees from the University of Louisville, where he has also lectured on computer crime and crime prevention.