
Just Hack Me, Please!

          During a recent password audit, it was found that a blonde was using the following password: “MickeyMinniePluto HueyDeweyLouieDonaldGoofySacramento.” When asked why she had such a long password, she said she was told that it had to be at least 8 characters long and include at least one capital.

          Seriously, folks, passwords do not have to be as complicated as that; however, most of us make our passwords way too simple. If your password is 123456, just hang a sign on your computer that says, “Hack me, please!”

          According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

          Recently, a list of 32 million passwords was stolen by a hacker from a company that makes software for users of social networking sites. The list was briefly posted on the Web and hackers and security researchers were quick to download it.

          The trove provided an unusually detailed window into computer users’ password habits. Typically, only government agencies like the FBI or the National Security Agency have access to such a large password list.

          “This was the mother lode,” said Matt Weir, a doctoral candidate in the e-crimes and investigation technology lab at Florida State University, where researchers are examining the data.

          What they’ve found so far is that nearly 1% of the 32 million studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “abc123” and “princess.”

          Most disturbing was that about 20% of people picked from the same, relatively small pool of 5,000 passwords.

          That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute. Hackers could be very effective by choosing a small number of common passwords.

          Some Web sites try to thwart the attackers by freezing an account for a certain period of time if too many incorrect passwords are typed. But experts say that the hackers simply learn to trick the system, for instance by making guesses at an acceptable rate.

          To improve security, some Web sites are forcing users to mix letters, numbers and even symbols in their passwords. Others, like Twitter, prevent people from picking common passwords.

          Still, researchers say, social networking and entertainment Web sites often try to make life simpler for their users and are reluctant to put too many controls in place.

          Even commercial sites like eBay must weigh the consequences of freezing accounts, since a hacker could, say, try to win an auction by freezing the accounts of other bidders.
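The gap described above, where freezing individual accounts misses guesses spread out at an acceptable rate, shows up from the defender's side when failures are also counted per source. This is an added example, not part of the original article; the log format, thresholds and sample lines are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, chosen for illustration only.
WINDOW = timedelta(minutes=15)
ACCOUNT_LIMIT = 3         # failures that freeze one account
SOURCE_ACCOUNT_LIMIT = 4  # distinct accounts one source may fail against

# Constructed sample log: "<ISO time> <source IP> <account> <OK|FAIL>"
SAMPLE_LOG = """\
2011-02-24T10:00:00 198.51.100.20 frank FAIL
2011-02-24T10:00:20 198.51.100.20 frank FAIL
2011-02-24T10:00:45 198.51.100.20 frank FAIL
2011-02-24T10:01:00 203.0.113.7 alice FAIL
2011-02-24T10:03:00 203.0.113.7 bob FAIL
2011-02-24T10:05:00 203.0.113.7 carol FAIL
2011-02-24T10:07:00 203.0.113.7 dave FAIL
2011-02-24T10:09:00 203.0.113.7 erin FAIL
2011-02-24T10:10:00 192.0.2.55 gina OK
"""

def failures(log):
    """Return (time, source, account) for each failed login, in time order."""
    rows = (line.split() for line in log.strip().splitlines())
    return sorted((datetime.fromisoformat(t), ip, acct)
                  for t, ip, acct, res in rows if res == "FAIL")

def _flag(log, key, measure, limit):
    """Keys whose sliding WINDOW of failures reaches `limit` under `measure`."""
    windows, hits = defaultdict(deque), set()
    for ev in failures(log):
        q = windows[key(ev)]
        q.append(ev)
        while ev[0] - q[0][0] > WINDOW:   # drop failures older than the window
            q.popleft()
        if measure(q) >= limit:
            hits.add(key(ev))
    return hits

def frozen_accounts(log):
    """Per-account freezing: counts failures against a single account."""
    return _flag(log, lambda e: e[2], len, ACCOUNT_LIMIT)

def spraying_sources(log):
    """Per-source view: counts distinct accounts one source failed against."""
    distinct = lambda q: len({e[2] for e in q})
    return _flag(log, lambda e: e[1], distinct, SOURCE_ACCOUNT_LIMIT)

if __name__ == "__main__":
    print("frozen accounts:", frozen_accounts(SAMPLE_LOG))
    print("flagged sources:", spraying_sources(SAMPLE_LOG))
```

In the constructed log, the only account frozen belongs to a user who mistyped three times, while the source that failed once against five different accounts is caught only by the per-source count.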

          Overusing simple passwords is not a new phenomenon. A similar survey examined computer passwords used in the mid-’90s and found that the most popular ones at that time were “12345,” “abc123” and “password.”

          Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks? Security experts suggest that we are simply overwhelmed by the sheer number of things we have to remember in this digital age.

          “Nowadays, we have to keep probably 10 times as many passwords in our head as we did 10 years ago,” said Jeff Moss, who founded a popular hacking conference and is now on the Homeland Security Advisory Council. “Voice mail passwords, ATM PINs and internet passwords—it’s so hard to keep track of.”

          In the idealized world championed by security specialists, people would have different passwords for every Web site they visit and store them in their head or, if absolutely necessary, on a piece of paper.

          But bowing to the reality of our overcrowded brains, the experts suggest that everyone choose at least two different passwords—a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

          Moss relies on passwords at least 12 characters long, figuring that those make him a more difficult target than the millions of people who choose five- and six-character passwords.

          “It’s like the joke where the hikers run into a bear in the forest, and the hiker who survives is the one who outruns his buddy,” Moss said. “You just want to run that bit faster.”



Most Popular Passwords

Nearly one million users chose these passwords to protect their accounts:

1. 123456

2. 12345

3. 123456789

4. password

5. iloveyou

6. princess

7. rockyou

8. 1234567

9. 12345678

10. abc123

11. nicole

12. daniel

13. babygirl

14. monkey

15. jessica

16. lovely

17. michael

18. ashley

19. 654321

20. qwerty

21. iloveu

22. michelle

23. 111111

24. 0

25. tigger

26. password

27. sunshine

28. chocolate

29. anthony

30. angel

31. friends

32. soccer

"Just Hack Me, Please." Mutual of Enumclaw. Web. 24 Feb. 2011. https://moeapp.mutualofenumclaw.com/Agents/MarketingNewsletter.htm.

Posted 2:18 PM
