by  Sara Yin November 15 2011 PCMAG.com  

 

Whenever idiotic passwords are discussed, the following story always comes up: five years ago, a group of Slovak hackers breached Slovakia’s National Security Bureau (abbreviated NBU), which stores tons of classified information. It was an easy hack. The NBU’s master login/password was simply nbusr/nbusr123. After cracking it, the hackers publicized the information, much to the NBU’s embarrassment.

 

What’s even worse? Days later, the password was still “nbu123.”

That was five years ago, but bad passwords still abound. SplashData, a password management app maker, compiled a list of the 25 worst passwords of 2011, based on millions of stolen passwords that were dumped online. Typically after hackers compromise a server, like Sony’s or CIA.gov’s, they post all these personal details online.

Many of the passwords are sequential numbers like “12345” or “654321,” while others contained messages like “letmein” and “trustno1”. Even if you thought you were being clever with “qazwsx,” (look at your keyboard, you’ll get it) it’s number 23 on the list. “Monkey,” “password,” and “qwerty” are ALWAYS on these lists. I know I’m preaching to the choir here but, seriously?

1. password

2. 123456

 

3. 12345678

 

4. qwerty

 

5. abc123

 

6. monkey

 

7. 1234567

 

8. letmein

 

9. trustno1

 

10. dragon

 

11. baseball

 

12. 111111

 

13. iloveyou

 

14. master

 

15. sunshine

 

16. ashley

 

17. bailey

 

18. passw0rd

 

19. shadow

 

20. 123123

 

21. 654321

 

22. superman

 

23. qazwsx

 

24. michael

 

25. football

 

Having a tough-to-crack password won’t thwart a sophisticated cybercriminal, who can use other methods to breach a server in which passwords are stored. But a solid password will at least deter the lowest common denominator like a nosy partner or a low-level hacker using a dictionary attack that simply tries thousands of passwords.

 

If you, like me, are rather scatterbrained, perhaps it’s time to invest in a password management app which generates unique passwords for you and stores them under one password-protected program.LastPass 1.72 Premium is PCMag’s Editors’ Choice for password managers. It keeps your encrypted password collection online and works across Windows, Mac, and Linux machines. For more, see security analyst Neil Rubenking’s selection of Six Great Password Managers.

A few months ago a software architect at Microsoft, compiled after the Sony PSN hack, revealed that most of us have three, easy-to-crack passwords. For tips on how to how to do passwords right, read PCMag’s Password Protection: How to Create Strong Passwords. See Passwords: You’re Doing it Wrong to avoid some common errors.

 

For more from Sara, follow her on Twitter @sarapyin.

Advertisements