123456 is the most used password, according to a study analysing the 32 million passwords exposed in the Rockyou.com breach.
The study also acts as a list of passwords for the terminally imbecilic, with all the favourites such as 12345 and 123456789 also making the top ten.
While numbers dominate the top three, moronic ‘safe’ words are also represented with the word ‘password’ coming in at four, ‘iloveyou’ at five and ‘princess’ at six. The chances are, according to Imperva, you or someone you know might be stupid enough to come up with the word password, for a password, when using social networking or e-commerce sites.
“Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456’,” said Imperva’s CTO Amichai Shulman.
So the hackers who took emails from Rockyou.com could then, easily, use them to hack email accounts and social networking sites.
December’s hack of Rockyou.com was blamed on an SQL injection vulnerability that compromised the company’s entire and apparently unencrypted database. Imperva says that the data unearthed in the attack has taught us all about not having a stupid password for all our accounts.
“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine.”
The victims of the rockyou.com breach might not agree that it was a good opportunity to examine some data Imperva, but the ones idiotic enough to use these passwords probably shouldn’t show their faces to argue.
The top ten most used passwords: