The most popular account password used to be “12345”; today it is one digit longer but hardly safer: “123456.” One out of five web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data. Beware of the common passwords that hackers love.
The data comes from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. Examiners analyzed a list of 32 million passwords that an unknown hacker stole last month from RockYou. RockYou, which had already been widely criticized for lax privacy practices, has advised its customers to change their passwords, as the hacker gained information about their e-mail accounts as well. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.
Some bad passwords that hackers love are “123456”, “12345”, “qwerty”, “abc123” and “princess.” Hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.
Hackers could also learn to trick the web sites that try to thwart attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.
To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.
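The two defenses described above can be sketched in a few lines. This is an added example, not code from RockYou, eBay or Twitter: `is_acceptable` rejects the weak passwords this article names and enforces the letter/digit/symbol mix, and the hypothetical `LoginThrottle` class slows repeated failures per account and source instead of freezing the account, so a rival bidder cannot lock the owner out. All names, thresholds and addresses are assumptions.

```python
import time

# Constructed denylist: only the weak passwords named in this article.
# A real site would load a much larger list.
COMMON = {"123456", "12345", "qwerty", "abc123", "princess", "iloveyou", "password"}

def is_acceptable(password: str) -> bool:
    """Reject denylisted passwords (case-insensitive); require a letter, a digit and a symbol."""
    p = password.strip()
    if p.lower() in COMMON:
        return False
    has_letter = any(c.isalpha() for c in p)
    has_digit = any(c.isdigit() for c in p)
    has_symbol = any(not c.isalnum() for c in p)
    return has_letter and has_digit and has_symbol

class LoginThrottle:
    """Delay repeated failures per (account, source) instead of freezing the account.

    Failures from one source never block the same account from another source,
    so deliberate wrong guesses cannot lock the real owner out.
    """
    def __init__(self, free_attempts=3, base_delay=2.0, max_delay=900.0):
        self.free_attempts = free_attempts  # failures allowed before any delay
        self.base_delay = base_delay        # seconds; doubles with each further failure
        self.max_delay = max_delay          # upper bound on the delay, in seconds
        self._state = {}                    # (account, source) -> (failures, next_allowed)

    def allowed(self, account, source, now=None):
        now = time.monotonic() if now is None else now
        return now >= self._state.get((account, source), (0, 0.0))[1]

    def record_failure(self, account, source, now=None):
        now = time.monotonic() if now is None else now
        count = self._state.get((account, source), (0, 0.0))[0] + 1
        over = count - self.free_attempts
        delay = min(self.base_delay * 2 ** (over - 1), self.max_delay) if over > 0 else 0.0
        self._state[(account, source)] = (count, now + delay)
        return delay

    def record_success(self, account, source):
        self._state.pop((account, source), None)
```

Keying the delay by source alone does not bound guesses spread across many sources, which is why the denylist check at password-creation time still matters.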
The experts suggest that everyone choose at least two different passwords: a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.