Wednesday, November 23, 2011

25 "Worst Passwords" of 2011 Revealed


If you see your password below, STOP!
Do not finish reading this post; go and change your password immediately, before you forget. You will probably have to change it in several places, since passwords tend to be reused across multiple accounts.
Here are two lists, the first compiled by SplashData:

  1. Password
  2. 123456
  3. 12345678
  4. Azerty
  5. abc123
  6. Monkey
  7. 1234567
  8. Letmein
  9. Trustno1
  10. Dragon
  11. Baseball
  12. 111111
  13. Iloveyou
  14. Teacher
  15. Sunlight
  16. Ashley
  17. Bailey
  18. Passw0rd
  19. Shadow
  20. 123123
  21. 654321
  22. Superman
  23. Qazwsx
  24. Michael
  25. Football
Last year, Imperva looked at 32 million passwords stolen from RockYou, a hacked site, and published its own top 10 "worst" list:
  1. 123 456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. Princess
  7. RockYou
  8. 1234567
  9. 12345678
  10. abc123
If you have read this far and do not see any of your passwords, that is good news. But note that passwords combining letters and numbers, such as Passw0rd (with the "o" replaced by a zero), began to enter the list in 2011. abc123 is a mixed password that appeared on both lists.
Last year, Imperva provided a list of password best practices created by NASA to help its users protect their rocket science. They are:
It must contain at least eight characters.
It should contain a mixture of four different types of characters: uppercase, lowercase, numbers and special characters such as !@#$%^&*,;" If there is only a single letter or special character, it must not be the first or last character in the password.
It should not be a name, a slang word, or any word in the dictionary. It should not contain your name or e-mail address.
Following this advice, of course, means that you will create a password that is impossible to remember, unless you try something credited to security guru Bruce Schneier: turn a phrase into a password.

For example: "Now I lay me down to sleep" could become nilmDOWN2s, a 10-character password that does not appear in any dictionary.
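
The three NASA rules above, plus a lookup against the two lists on this page, written as a checker. This is an added example, not code from the original post, NASA or Imperva; the function name, its parameters and the reading of the "single letter or special character" rule are assumptions, and a real word list has to be passed as `dictionary` to cover the dictionary rule.

```python
import string

# Both "worst password" lists from this page, lowercased and de-duplicated.
WORST = {
    "password", "123456", "12345678", "azerty", "abc123", "monkey", "1234567",
    "letmein", "trustno1", "dragon", "baseball", "111111", "iloveyou",
    "teacher", "sunlight", "ashley", "bailey", "passw0rd", "shadow", "123123",
    "654321", "superman", "qazwsx", "michael", "football", "12345",
    "123456789", "princess", "rockyou",
}

def check_password(pw, name="", email="", dictionary=frozenset()):
    """Return a list of rule violations; an empty list means pw passes."""
    problems = []
    low = pw.lower()
    if low in WORST or low in dictionary:
        problems.append("listed or dictionary word")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "uppercase": [c for c in pw if c.isupper()],
        "lowercase": [c for c in pw if c.islower()],
        "number": [c for c in pw if c.isdigit()],
        "special": [c for c in pw if c in string.punctuation],
    }
    for label, found in classes.items():
        if not found:
            problems.append("no " + label + " character")
    # Assumed reading of the 'single letter or special character' rule:
    # if the password has exactly one letter, or exactly one special
    # character, that character may not sit at either end.
    letters = classes["uppercase"] + classes["lowercase"]
    for label, found in (("letter", letters),
                         ("special character", classes["special"])):
        if len(found) == 1 and found[0] in (pw[0], pw[-1]):
            problems.append("only " + label + " is first or last")
    # Personal details: the name and the local part of the e-mail address.
    personal = [name.lower(), email.lower().split("@")[0]]
    if any(p and p in low for p in personal):
        problems.append("contains name or e-mail")
    return problems
```

Under these rules the phrase-derived nilmDOWN2s still reports a missing special character, while nilm-DOWN2s passes.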

Can't remember your password? Schneier says it's OK to write it down and put it in your wallet, or better yet, to keep just a hint in your wallet. As long as you have a list of sites and services that the password is. Try to use a different password for each service, but if you cannot do that, at least develop a set of passwords that you use in different places.

One day, we will use authentication schemes, perhaps biometrics, that do not require us to jump through as many hoops to protect our data. But in the meantime, passwords are all we have, so they must be strong enough to do the job.