11th December 2019

And the worst passwords of 2015 are…

Source: Adeptus Mechanicus

2015, like 2014 and 2013 and, well, every other year that a lot of us have been using passwords, had some ridiculous and quite embarrassing passwords.  SplashData was kind enough to compile a list of the top 25 passwords for your amusement:

1. 123456 (Unchanged)

2. password (Unchanged)

3. 12345678 (Up 1)

4. qwerty (Up 1)

5. 12345 (Down 2)

6. 123456789 (Unchanged)

7. football (Up 3)

8. 1234 (Down 1)

9. 1234567 (Up 2)

10. baseball (Down 2)

11. welcome (New)

12. 1234567890 (New)

13. abc123 (Up 1)

14. 111111 (Up 1)

15. 1qaz2wsx (New)

16. dragon (Down 7)

17. master (Up 2)

18. monkey (Down 6)

19. letmein (Down 6)

20. login (New)

21. princess (New)

22. qwertyuiop (New)

23. solo (New)

24. passw0rd (New)

25. starwars (New)

We hope that nobody reading this list has to exclaim "OMG, my password made it onto the list!"  And even if you don't, these findings raise some serious concerns about the kind of passwords we use every day.  No one wants an overly complex password, so most of us pick a birthday, the name of a childhood crush or of a son or daughter, or a memorable place, sometimes combined with a year or other date, to come up with passwords like mwila1982, catherine77, mansa89, etc.  It is understandable that something we use every day should be easy to remember and quick to type, but hopefully the following paragraphs will show why these choices are dangerous and make you reconsider.

Modern-day password cracking does not require a complex hardware setup.  We set up a test PC with an Intel i5 4790K processor and a Radeon R9 290 graphics card (GPU).  Using a password cracking application called "Cain and Abel", we were able to crack a 7-character password (mwape72) in under 10 minutes.  For those of you who aren't familiar with the use of GPUs for password cracking, here's a brief overview: a GPU is a massively parallel processor that can run a hash function over billions of candidate passwords per second.  That ability comes in handy against an unknown password that is, say, 7 characters long, where each character is a letter A-Z (in one case) or a digit 0-9.  Each position can hold only 1 of 36 possible values, so there are 36^7, about 78 billion, possible passwords in total, and a GPU testing billions of guesses per second against a fast, unsalted hash such as MD5 runs through all of them in well under a minute.
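To put numbers on the keyspace argument above, here is an added example (not the article's own test setup or any output from Cain and Abel) that computes how many passwords each shape allows, how long exhausting them takes at an assumed GPU rate, and then runs the same exhaustive loop a GPU cracker runs, in pure Python against a constructed 3-character target so it finishes instantly.  The rate constant GPU_RATE and the target password "zm9" are assumptions made for the demo.

```python
"""Keyspace arithmetic and a toy exhaustive search (added example, not the
article's own test setup or Cain & Abel output).

Assumptions, labelled where used: GPU_RATE is a round figure for one
2015-era GPU against unsalted MD5; TARGET_HASH is constructed from a
made-up 3-character password so the pure-Python search finishes instantly.
Real crackers run the same loop in GPU code, not Python."""
import hashlib
import itertools
import string
from typing import Optional

LOWER_DIGITS = string.ascii_lowercase + string.digits   # 36 symbols (the 7-char case in the text)
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "  # 95 symbols

# Assumption: ~10 billion MD5 guesses per second on a single GPU of that era.
GPU_RATE = 10_000_000_000


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of this shape at the given rate."""
    return keyspace(alphabet_size, length) / guesses_per_second


def human(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    for unit, size in (("years", 365 * 24 * 3600), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def brute_force(target_hex: str, alphabet: str, max_length: int) -> Optional[str]:
    """Try every string over `alphabet` up to `max_length`, shortest first,
    and return the one whose unsalted MD5 matches. This is the whole idea of
    a brute-force attack; a GPU just runs it several million times faster."""
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guess = "".join(combo)
            if hashlib.md5(guess.encode()).hexdigest() == target_hex:
                return guess
    return None


# Constructed target for the demo: unsalted MD5 of the made-up password "zm9".
TARGET_HASH = hashlib.md5(b"zm9").hexdigest()


if __name__ == "__main__":
    print(f"{'shape':<28}{'keyspace':>22}{'time at GPU_RATE':>22}")
    for label, n, length in (("7 x [a-z0-9]", 36, 7),
                             ("7 x all 95 printable", 95, 7),
                             ("12 x [a-z0-9]", 36, 12),
                             ("12 x all 95 printable", 95, 12)):
        print(f"{label:<28}{keyspace(n, length):>22,}"
              f"{human(seconds_to_exhaust(n, length, GPU_RATE)):>22}")
    print("toy search recovered:", brute_force(TARGET_HASH, LOWER_DIGITS, 3))
```

The table the script prints is the point: 7 symbols from the 36-symbol set is seconds of GPU time, 7 symbols from all 95 printable characters is a couple of hours, and only at 12 symbols does a full brute force move out of reach.  The rate is the one variable to adjust; a slow, salted password hash such as bcrypt lowers it by several orders of magnitude, which is why servers should use one.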

Websites and servers can improve your security by locking an account after a few failed login attempts and by storing passwords with a salted, deliberately slow password hash instead of a fast one (properly stored passwords are hashed, not encrypted).  Those protections only apply to online guessing, though: if a login attempt is intercepted over an unsecured Wi-Fi network, or a database of password hashes leaks, the attacker can run guesses offline at full hardware speed with no lockout at all, and a weak password falls in a very short time.  There are therefore some things you can do to improve your security:

Make your passwords long, not just complex.  Treat 7 characters as an absolute floor: even with lowercase and uppercase letters, digits and symbols, a 7-character password has 95^7 (about 7 x 10^13) possibilities, which a single GPU testing billions of guesses per second against a fast, unsalted hash exhausts in hours.  Every extra character multiplies the attacker's work by 95, so at 12 characters or more a full brute force takes millions of years at that rate; a passphrase of several unrelated words gets you there and is easier to remember.

Never use the same password for multiple accounts, e.g. your Facebook, Twitter or mail account, or even worse, your online banking account: a password leaked from one site is immediately tried against all the others.

Always make sure that when you sign in to a website the connection is secure (HTTPS) and the site's certificate is valid.  You can verify that by looking for the little padlock in your address bar; also check that the domain shown is the one you meant to visit, since a padlock on a look-alike domain proves nothing.

Never use obvious names of people, places or things as your passwords.  One of the most effective attacker techniques is profiling: from your social media an attacker can list the people you know, the places you've been and when you were there, then combine those words with years and common suffixes into a custom dictionary of passwords to try.

If you are the kind of person who visits questionable websites (e.g. torrent sites), make sure you're not allowing pop-ups to run content you're not sure of, and that you're not downloading malicious applications: malware that logs your keystrokes captures even a strong password.
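The profiling attack described in the advice above, as an added example that is not the article's own code or any real tool's output: an invented victim profile (names, places, years; an assumption standing in for what an attacker scrapes from social media) is expanded with case changes, letter-for-digit swaps and year suffixes into a custom dictionary, which is then run against a constructed table of unsalted SHA-1 hashes made by hashing four made-up passwords.  The passwords shaped like the examples in the article fall out in milliseconds; the random one does not.

```python
"""Profile-driven dictionary attack against unsalted hashes (added example;
not the article's own code or any real tool's output).

Assumptions: PROFILE is an invented victim profile standing in for what an
attacker scrapes from social media; LEAKED is constructed by hashing
made-up passwords, imitating a leaked table of unsalted SHA-1 hashes."""
import hashlib
from typing import Dict, Iterable, Iterator, List

# Constructed victim profile (assumption, not real data).
PROFILE = {
    "names": ["mwila", "catherine", "mansa"],   # family, partner, children
    "places": ["lusaka", "kitwe"],              # home town, holiday spot
    "years": [1977, 1982, 1989],                # birth years, wedding year
}

# A few base words from the SplashData list above.
COMMON_WORDS = ["password", "football", "dragon", "letmein"]

# Letter-for-digit swaps people use to "strengthen" a word (passw0rd style).
LEET = str.maketrans({"e": "3", "i": "1", "o": "0"})


def mutate(word: str) -> List[str]:
    """Case and leet-speak forms of one base word, de-duplicated."""
    forms = [word.lower(), word.capitalize(), word.upper()]
    forms += [f.translate(LEET) for f in forms]
    return list(dict.fromkeys(forms))


def suffixes(profile: Dict[str, list]) -> List[str]:
    """Suffixes worth appending: nothing, each year as 4 and 2 digits, and
    the usual '1', '123', '!' that complexity rules push people towards."""
    out = [""]
    for year in profile["years"]:
        out += [str(year), str(year)[-2:]]
    return out + ["1", "123", "!"]


def generate_candidates(profile: Dict[str, list], common: List[str]) -> Iterator[str]:
    """Yield the custom dictionary: every base word in every form with every suffix."""
    seen = set()
    for base in profile["names"] + profile["places"] + common:
        for form in mutate(base):
            for suffix in suffixes(profile):
                candidate = form + suffix
                if candidate not in seen:
                    seen.add(candidate)
                    yield candidate


def crack(targets: Dict[str, str], candidates: Iterable[str], algo: str = "sha1") -> Dict[str, str]:
    """Hash each candidate and look it up in targets (hex digest -> account).
    Returns account -> recovered password for every hit. Because the hashes
    are unsalted, one hash computation is checked against every account."""
    found: Dict[str, str] = {}
    for candidate in candidates:
        digest = hashlib.new(algo, candidate.encode()).hexdigest()
        if digest in targets:
            found[targets[digest]] = candidate
            if len(found) == len(targets):
                break
    return found


def _sha1(text: str) -> str:
    return hashlib.sha1(text.encode()).hexdigest()


# Constructed "leak": unsalted SHA-1 of four made-up passwords.
LEAKED = {
    _sha1("mwila1982"): "user1",
    _sha1("Catherine77"): "user2",
    _sha1("passw0rd"): "user3",
    _sha1("qT7#mk!29vLp"): "user4",   # random, unrelated to the profile
}


def demo() -> Dict[str, str]:
    """Run the profile dictionary against the constructed leak."""
    return crack(LEAKED, generate_candidates(PROFILE, COMMON_WORDS))


if __name__ == "__main__":
    total = sum(1 for _ in generate_candidates(PROFILE, COMMON_WORDS))
    print(f"dictionary size: {total} candidates")
    for account, password in demo().items():
        print(f"{account}: {password}")
```

The dictionary here is only a few hundred entries, yet it recovers three of the four accounts; real cracking tools apply thousands of such mangling rules to wordlists of millions of entries, so a name plus a year offers no protection.  Salting the stored hashes would force the attacker to repeat the work per account, and a slow hash would make each guess cost far more, but neither rescues a password that is on the attacker's list in the first place.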

Source: ICT ZM