Last December, someone hacked into the Web site RockYou.com, and exposed a list of usernames and passwords on the Web, in plain text. A month later, security analysis firm Imperva analyzed the most common passwords. The results are eye-opening and should serve as a reminder to you and your staff about the importance of creating and using good passwords.
By far, the most popular password on RockYou.com was “123456,” which satisfies the minimum character limit for the site’s password restrictions, but does little for security. A full 290,731 users had this password, far more than the runner-up, 12345, which had 79,078 users.
Of the list of compromised passwords, other usual suspects surfaced: Password; the site’s name, or rockyou; abc123; and first names, such as Ashley and Daniel. Imperva published a list of the most popular passwords, all of which are extremely weak from a security standpoint.
For years, security experts have argued that users need to use more complex passwords, especially as the computing power and algorithms behind brute-force password crackers become ever more sophisticated. But 30% of the RockYou users picked a password less than six characters in length, and 40% used only lowercase letters.
