Another Breach Reveals Weak Passwords: Will We Ever Learn?

A comparison of harvested passwords from LinkedIn and Gawker shows strong passwords are still too rarely used

It has been 18 months since more than 188,000 passwords for subscribers to Gawker were snatched by hackers and posted to the Web, but consumers don't seem any more inclined to protect their passwords now than they were then.

An analysis of the most common passwords found among the millions posted to the Net after digital desperadoes clipped them from LinkedIn reveals similarities between them and the favorites of Gawker users.

For example, consecutive numbers are popular with both groups. Two of the top ten passwords for LinkedIn members were 1234 and 12345, while three passwords in the Gawker top ten were 12345, 123456 and 12345678.

Gawker's top ten also had a non-consecutive number, 111111, and an alphanumeric sequence, abc123. Other top ten passwords for the site were less obvious, but not very strong either: lifehacker, monkey, and consumer.

LinkedIn members tended to stay away from old standbys of lazy password pickers like password and qwerty -- both in the Gawker top ten -- and focused on business (job and work were in their top ten), sex (sex and ilove) or religion (god and angel).

It's obvious that really short passwords were acceptable to LinkedIn, as evidenced by "the" making its members' top ten list. Using the name of a site as a password is also a common practice among hasty password pickers. But we all know how busy business people can be, and apparently many LinkedIn members didn't have time to complete the name of the site in the password field and just used "link" instead.
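As an added example (not from the article), a small Python check that flags the patterns the article calls out: sequential digits or letters, keyboard walks, a single repeated character, the site's own name or a prefix of it, and the top-ten entries quoted above. The blocklist contents and the 12-character minimum are assumptions chosen for illustration.

```python
# Constructed blocklist: the Gawker and LinkedIn top-ten entries quoted in the article.
ARTICLE_BLOCKLIST = {
    "1234", "12345", "123456", "12345678", "111111", "abc123",
    "lifehacker", "monkey", "consumer", "password", "qwerty",
    "job", "work", "sex", "ilove", "god", "angel", "the", "link",
}

DIGITS = "0123456789"
ALPHA = "abcdefghijklmnopqrstuvwxyz"
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumed policy minimum, not a value from the article


def _has_run(s, alphabet, run_len):
    """True if s contains run_len consecutive characters of alphabet, forward or backward."""
    rev = alphabet[::-1]
    for i in range(len(s) - run_len + 1):
        chunk = s[i:i + run_len]
        if chunk in alphabet or chunk in rev:
            return True
    return False


def weak_reasons(password, site_name=""):
    """Return the list of weak-password patterns found; an empty list means none matched."""
    p = password.lower()
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if p in ARTICLE_BLOCKLIST:
        reasons.append("on known-breached list")
    if _has_run(p, DIGITS, 3):          # 1234, 12345, the 123 in abc123
        reasons.append("sequential digits")
    if _has_run(p, ALPHA, 3):           # the abc in abc123
        reasons.append("sequential letters")
    if any(_has_run(p, row, 4) for row in KEYBOARD_ROWS):  # qwerty
        reasons.append("keyboard walk")
    if len(p) > 1 and len(set(p)) == 1:  # 111111
        reasons.append("single repeated character")
    site = site_name.lower()
    # Flag the full site name and any prefix of at least 4 characters ("link" for linkedin).
    for n in range(len(site), 3, -1):
        if site[:n] in p:
            reasons.append("contains site name")
            break
    return reasons
```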

If you're concerned about whether or not your password was compromised in the LinkedIn breach and haven't been informed yet by the network about it, you can check out your password at LastPass or LeakedIn.

If you're looking for tips on creating a strong password, there are plenty of folks on the Net that can advise you on that subject, including Microsoft and Google. See also PCWorld's tips at "Create a Different, Secure, Easy-to-Remember Password for Every Site."

If you're wondering how strong the passwords you're using are, you can test them at How Secure Is My Password? For example, a password like 123456 would be cracked almost instantly.

By the way, if all this information about strong passwords makes your head hurt, How Secure has a companion site that will create for you strong passwords like 4shkenaz!Sp!tt!ng, which would take a desktop PC 14 quadrillion years to crack.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.
