A study of 32 million passwords revealed that "123456" was used by over 290,000 users. Is it time to abandon the password?
IT professionals have long known that most users choose insecure passwords. This fact was proven once again by an analysis of over 32 million passwords--released on the Internet as part of a data breach a RockYou.com. Imperva, a data security firm, analyzed the data and discovered, among other things, that over 290,000 users had a password of "123456".
Here are the top 10 passwords by popularity:
- 123456 - 290,731 users
- 12345 - 79,078 users
- 123456789 - 76,790 users
- Password - 61,958 users
- Iloveyou - 51,622 users
- Princess - 35,231 users
- Rockyou - 22,588 users
- 1234567 - 21,726
- 12345678 - 20,553
- abc123 - 17,542
Imperva's analysis also showed that about 30 percent of users had passwords with six of fewer characters and nearly half of users "used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, an so on)." Considering the above information, can passwords ever be secure? Is it time for a new security mechanism? What should that new authentication mechanism be?
Here are a collection of password resources and discussions from other areas of TechRepublic:
- Gates: Passwords passe
- Gmail password reset options a security hole
- Security 101 - Remedial Edition: Use strong passwords
- Help users create complex passwords that are easy to remember
- How does bad password policy like this even happen?
- Use the Firefox password manager
- Help consulting clients create strong password policies
- Automatically generate and assign strong passwords in Windows XP
- Store passwords with pwsafe
- Removing stored passwords in Windows XP
- Lock IT Down: Creating passwords that are secure and easy to remember
- Are you in favor of password management software?