Massive hack shows users still don’t know how to create safe passwords

Cyber security researchers discovered a server with the login information for about 2 million Internet accounts, most of which have simple passwords.
(Jonathan Nackstrand / AFP/Getty Images)
Share via

Cyber security researchers recently discovered a server with about 2 million stolen Internet passwords, and as expected, many of the login credentials are no more complex than “1234.”

Of the stolen passwords, nearly 1.6 million come from websites. More than 318,000 come from Facebook, nearly 60,000 from Yahoo, more than 54,000 from Google and nearly 22,000 from Twitter. Fortunately, most of the companies have reportedly reset the passwords for users’ whose accounts were compromised.

But the hack shows that users are still making it very easy for others to break into their online accounts.


PHOTOS: Top 10 ways to take advantage of the ‘sharing economy’

Trustwave’s SpiderLabs, the research team that discovered the stolen passwords, said the most common password was “123456” followed by “123456789,” “1234,” “password” and “12345.”

The research team also gave a rating to the passwords, based on how long they were and how many different types of characters -- letters, words, punctuation marks and so on -- were used. Most of the passwords, 44%, were rated as “medium” while 28% were rated “bad,” 17% were rated “good,” 6% were “terrible” and only 5% received an “excellent” rating.

Users are creating easy-to-crack passwords, but SpiderLabs blames companies, not users, for this problem.

“If our hypothesis is true, then the inevitable conclusion is that people still choose comfort over security,” the team said in a blog post. “If you don’t enforce a password policy, don’t expect your users to do it for you.”

So how can you create a better password? Here’s a few tips:

  • Use capital and lowercase letters
  • Use letters and numbers
  • Use words not found in the dictionary. For example, instead of “apple” go with “aapl”
  • Replace letters like “O” and “E” with numbers like “0” and “3”
  • Use long passwords

If you apply all of those techniques you can take a simple password like “thisismypassword” and turn it into something a little more complex like “th1ss1smYypa4sSsw0rdD.”



Struggle no more: Next-generation USB to be reversible

Uber to deliver some Christmas trees on demand Thursday

From Android to robots: Google executive reveals latest project