• United States



john_mello jr

Another Breach Reveals Weak Passwords: Will We Ever Learn?

Jun 10, 20123 mins
Data and Information SecurityLinkedInSecurity

A comparison of harvested passwords from LinkedIn and Gawker Password shows strong passwords are still too rarely used

It has been 18 months since more than 188,000 passwords for subscribers to Gawker were snatched by hackers and posted to the Web, but consumers don’t seem any more inclined to protect their passwords now than they were then.

An analysis of the most common passwords found among the millions posted to the Net after digital desperadoes clipped them from LinkedIn reveals similarities between them and the favorites of Gawker users.

For example, consecutive numbers are popular with both groups. Two of the top ten passwords for LinkedIn members were 1234 and 12345, while three passwords in the Gawker top ten were 12345, 123456 and 12345678.

Gawker’s top ten also had a non-consecutive number, 111111, and an alpha numeric consecutive, abc123. Other top ten passwords for the site were less obvious, but not very strong either: lifehacker, monkey, and consumer.

LinkedIn members tended to stay away from old standbys of lazy password pickers like password and qwerty — both in the Gawker top ten — and focused on business (job and work were in their top ten), sex (sex and ilove) or religion (god and angel).

It’s obvious that really short passwords were acceptable to LinkedIn, as evidenced in “the” making its members’ top ten list. Using the name of a site for a password is also a common practice among hasty password pickers. But we all know how busy business people can be and apparently many LinkedIn members didn’t have time to complete the name of the site in the password field and just used “link” instead.

If you’re concerned about whether or not your password was compromised in the LinkedIn breach and haven’t been informed yet by the network about it, you can check out your password at LastPass or LeakedIn.

If you’re looking for tips on creating a strong password, there are plenty of folks on the Net that can advise you on that subject, including Microsoft and Google. See also PCWorld’s tips at “Create a Different, Secure, Easy-to-Remember Password for Every Site.”)

If you’re wondering how strong the passwords you’re using are, you can test them at How Secure Is My Password? For example, a password like 123456 would be cracked almost instantly.

By the way, if all this information about strong passwords makes your head hurt, How Secure has a companion site that will create for you strong passwords like 4shkenaz!Sp!tt!ng, which would take a desktop PC 14 quadrillion years to crack.

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.