TR Hot 5: Passwords that make IT security pros cringe
April 9, 2010, 5:43am PDT | Length: 00:04:46
This week's episode of the TechRepublic Hot 5 is dedicated to gadgetgirl, because when I asked for Hot 5 topic suggestions on Facebook, GG came through. She took a straw poll at work last year, and here are the hot 6 passwords most selected by end users ("...so much for all this security awareness training I do....").
If you're not a fan of video, you can choose to just download the mp3.
Transcript
I'm Sonja Thompson with TechRepublic's Hot 5, and this episode -- on April 9th, 2010 -- is dedicated to gadgetgirl, because I asked for Hot 5 topic suggestions on Facebook, and she came through. According to GG, here are the hot 5 passwords that will make any IT security professional cringe.
So, why is GG cringing? Well, she did a straw poll at work last year, and these were the hot 6 passwords most selected by end users. Yeah, she gave me 6, so what am I supposed to do? Leave one out? I don't think so!
< insert preferred sports team name here > Now, of course, this changes from area to area, but if you know where someone lives, you could potentially guess it. GG gave the example of Middlesbrough, Newcastle United (or Magpies) as well as Sunderland FC (or Black Cats).
My example, being from Moorhead, Minnesota, would be the spud (yes, a potato) -- or if you focus on the closest big city Minneapolis, St. Paul, it would be the gopher. We are the gopher girls, we really gopher guys, but they don't go for us, we wonder why!
< insert any expletive here > GG said that some (BEEP) people think they are SO (BEEP) funny using swear words as (BEEP) passwords. Yeesh... clean it up, folks!
< Letmein > And in GG's own words, "Some bright sparks think that they are the only person in the world to think of that one." And then I felt kind of stupid because I used that one once -- except for mine was < pleaseletmein >, so at least I'm more polite than your average dumb user, right?
< secret > The password is a secret....get it? GG said, "Insert groan here."
< 666666 > Of course, the TR community can understand why Hal 9000 would love this password. After all, if three 6s are great, then six 6s are even better, right? Well, even though this password would certainly be easy to remember, it's not recommended -- and neither is 123456 or any of those other commonly-used numeric passwords.
And the most popular and probably absolute worst password is < password >. You should never ever, ever ever ever use the default password, which oftentimes is < password >.
So, now that we've heard some real doozies, how can you help your end users develop better practices when it comes to creating stronger, more secure passwords?
Fortunately, we have a ton of resources on TechRepublic that can help you do just that -- including an "end-user password security" download (can you say PowerPoint presentation), and several posts from various bloggers and community members. For example, Mike Mullins wrote about how you can help users create complex passwords that are easy to remember. Tricia Liebert, aka TiggerTwo, talked about how to secure end users' pesky password problems. And Chad Perrin, aka apotheon, took it a step further and explained how to fight back against a bad password policy. I'll include links to all of these posts, and some additional password security resources, in the blog notes.
Thanks again to gadgetgirl for chiming in on Facebook with this topic. I hope that it's been informative and entertaining.
And speaking of Facebook, if you haven't already, please become a Fan of TechRepublic. We don't have super cool Facebook apps, like build your own server farm-ville, but we DO have excellent content that we link to every day.
Take care, everyone, and be sure to tune in next week for another TR Hot 5.



