90% of passwords are vulnerable to hack

Deloitte warns over 90% of user-generated passwords will be vulnerable to hacking this year

Deloitte has claimed that over 90 per cent of user-generated passwords will be vulnerable to hacking in 2013, which it says could result in billions of dollars of loss, declining confidence in internet transactions and loss in trust of the businesses who fall victim.

Jolyon Barker, global lead for Deloitte’s technology, media and telecommunications industry, said “Whilst moving to stronger, longer passwords means greater levels of security, people understandably find these harder to remember.”

He added that so-called ‘two-factor authentication’, using additional methods, could improve security. “Instead an additional bit of identification can be used. It could be a password sent to a cell phone or smartphone, a physical device that plugs into a USB slot, or possibly be a biometric feature of the user,” Mr Barker said.

Deloitte said inadequate password protection may result in billions of dollars of losses, declining confidence in internet transactions and significant damage to the reputations of the companies compromised by attacks. As the value of the information protected by passwords continues to grow, attracting more hack attempts, high-value sites will likely require additional forms of authentication.

Security software developer SplashData has released its annual list of the worst — and most common — passwords used on the web in 2012. Worryingly, very little has changed from 2011: “password”, “123456” and “12345678” are still in the top spots.

In addition, several new arrivals in the top 25 awful passwords include “jesus”, “welcome”, “mustang”, and sadly “ninja”.

According to PC World, the data is based on file dumps from online hacking campaigns, which include high-profile security breaches suffered at Yahoo, LinkedIn, eHarmony, and Last.fm. Here is the complete list, including how many places each entry has moved up or down:

1 password Unchanged
2 123456 Unchanged
3 12345678 Unchanged
4 abc123 Up 1
5 qwerty Down 1
6 monkey Unchanged
7 letmein Up 1
8 dragon Up 2
9 111111 Up 3
10 baseball Up 1
11 iloveyou Up 2
12 trustno1 Down 3
13 1234567 Down 6
14 sunshine Up 1
15 master Down 1
16 123123 Up 4
17 welcome New
18 shadow Up 1
19 ashley Down 3
20 football Up 5
21 jesus New
22 michael Up 2
23 ninja New
24 mustang New
25 password1 New

According to research from Norton, nearly half of Internet users do not use a complex password and over 25 percent of adults online have been notified to change their password when an account has been compromised. In addition, 46 percent of users aged between 18 and 64 don’t use a password that combines phrases, letters, numbers, symbols, and upper- and lower-case characters, a combination that is more difficult to crack.

The simple fact of the matter is that if you choose a password which follows a simple pattern or is an obvious word, not only will it be easy for you to remember, but it will also be easy for simple attacks to breach your personal security.

To create a secure password, avoid easy keyboard patterns such as ‘qwerty’ or ‘123’, mix capital and lower-case letters, and keep them varied. A difficult-to-guess memorable word, such as a book character or favorite food, would work better than ‘password’ or ‘letmein’, and switching word orders will boost the security of your online accounts further.
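The advice above (avoid the listed passwords and easy keyboard patterns, mix capital and lower-case letters) can be expressed as a screening function that a sign-up form runs before accepting a password. This is an added example, not part of the original article; the function names, the set of sequences and the 0.6 threshold are assumptions chosen for illustration.

```python
import re

# The 25 entries of the 2012 list quoted in the article above.
WORST_2012 = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567",
    "sunshine", "master", "123123", "welcome", "shadow", "ashley", "football",
    "jesus", "michael", "ninja", "mustang", "password1",
}
# Assumption: US QWERTY rows, the alphabet and the digit row count as "easy patterns".
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "01234567890")
ADJACENT = set()
for _seq in SEQUENCES:
    for _a, _b in zip(_seq, _seq[1:]):
        ADJACENT.update({_a + _b, _b + _a})  # forwards and backwards
PATTERN_THRESHOLD = 0.6  # assumed cut-off, tune against real data


def pattern_ratio(pw):
    """Fraction of neighbouring character pairs that follow a known sequence."""
    low = pw.lower()
    pairs = [a + b for a, b in zip(low, low[1:])]
    return sum(p in ADJACENT for p in pairs) / len(pairs) if pairs else 0.0


def screen_password(pw):
    """Return the reasons a candidate password is weak; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    # Drop trailing digits and symbols so 'Password1!' is still caught as 'password'.
    stem = re.sub(r"[\d\W_]+$", "", low)
    if low in WORST_2012 or stem in WORST_2012:
        reasons.append("on common-password list")
    if pattern_ratio(pw) >= PATTERN_THRESHOLD:
        reasons.append("keyboard or counting pattern")
    if re.fullmatch(r"(.+?)\1+", low):
        reasons.append("repeated chunk")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        reasons.append("no mix of capital and lower-case letters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("password", "Password1!", "Zxcvbnm99", "123123", "Gandalf-Lasagne-Eats"):
        print(f"{candidate!r}: {screen_password(candidate) or 'passed'}")
```

Adding a capital letter and a trailing digit to a listed word does not get it past the check, because the stem is compared against the list after the suffix is stripped.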


2 thoughts on “90% of passwords are vulnerable to hack”

  1. I like what you guys are up to. Such intelligent work and reporting! Carry on the superb work, guys. I have incorporated you guys to my blogroll. I think it’ll improve the value of my website 🙂

  2. I was just searching for this info for a while. After 6 hours of continuous Googling, finally I got it in your website. I wonder what is the lack of Google strategy that doesn’t rank this kind of informative web sites in top of the list. Usually the top web sites are full of garbage.
