06/22/2012

Don’t Let the Cyber-wolves Get You

Everyone is talking about the LinkedIn passwords published by a Russian hacker looking for help cracking the encryption. They’re upset about the level of security, upset about how the information was taken in the first place, and about the possibility that more account information was stolen than just passwords.

Those are all valid concerns of course. But what can be more disturbing than to discover that users still think “1234567” is a good password? Rapid7 published an infographic with the top phrases in cracked passwords from the LinkedIn breach. The “1234567” number sequence was 28th out of the top 30 passwords cracked. “12345” was 6th, and “1234” was 2nd.

What was number one? “Link” as in “LinkedIn”. Common words, words related to the website, and letter or number sequences are the first things hackers try when working to crack passwords. Using any of those is practically giving away your personal information.

Back in 2010 Imperva conducted a study on breached passwords (long before the LinkedIn breach) and found that the first three on the list were “123456”, “12345” and “123456789”.
Other passwords in the top ten were:

  • Password
  • iloveyou
  • princess
  • abc123

So what makes the LinkedIn password list the most disturbing is that users have not learned the lesson very well. Clearly the non-corporate user (corporate password security is usually enforced by policy) doesn’t understand the necessity and implications of a robust password. Even one poor password on a website can give hackers access to financial or personal information. In a world full of cyber-wolves hunting us down, the only weapon the individual has is to create and maintain secure passwords. Company databases will be breached. It happens all the time despite valiant attempts to prevent it.

To create the strongest password possible, here are some simple guidelines. Share them with everyone you know - Ma, Pa, Grandma, your kids, everyone.

  • Don’t use any word found in the dictionary
  • Don’t use number sequences
  • Don’t use letter sequences; that means alphabetic order as well as QWERTY keyboard order
  • Make the password at least 8 characters
  • Use at least one special character, and don’t make it the first or last character
  • Use a mixture of numbers and letters
  • Use upper and lower case letters
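
The guidelines above can be turned into a mechanical check. The following is an added example (not from the original post, and not any vendor's tool) that flags which guidelines a candidate password breaks; the small COMMON_WORDS set is a constructed stand-in for a real wordlist, seeded with the passwords quoted in this post.

```python
import string

# Constructed stand-in for a real wordlist: the common passwords quoted in this post.
COMMON_WORDS = {"password", "iloveyou", "princess", "abc123", "link", "linkedin",
                "123456", "12345", "123456789", "1234567", "1234"}
# QWERTY keyboard rows; alphabetic and numeric order is handled separately in has_sequence().
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
SPECIALS = set(string.punctuation)


def has_sequence(pw: str, run: int = 3) -> bool:
    """True if pw contains `run` consecutive digits or letters in ascending or
    descending order (e.g. "345", "cba") or `run` adjacent keys on a QWERTY row."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        chunk = s[i:i + run]
        # All steps equal to +1 (or all -1) means a numeric or alphabetic run.
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if steps in ({1}, {-1}) and (chunk.isdigit() or chunk.isalpha()):
            return True
        # Keyboard runs in either direction, e.g. "qwe" or "ewq".
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_ROWS):
            return True
    return False


def check_password(pw: str) -> list:
    """Return the guidelines from the post that pw violates; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if any(word in low for word in COMMON_WORDS):
        problems.append("dictionary or common word")
    if has_sequence(pw):
        problems.append("number or letter sequence")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    elif pw[0] in SPECIALS or pw[-1] in SPECIALS:
        problems.append("special character is first or last")
    if not (any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw)):
        problems.append("no mix of numbers and letters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        problems.append("no mix of upper and lower case")
    return problems


if __name__ == "__main__":
    for candidate in ("1234567", "Password1!", "qwerty99", "Tr4v#lMug"):
        print(candidate, "->", check_password(candidate) or "passes all guidelines")
```

Passing these checks does not make a password unguessable; it only rules out the patterns the post says are tried first.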

Obviously the more complicated the combination, the harder the password is to break, and also the harder it is to remember. Keeping a record of your passwords is fine - just don’t do it in a way that lets someone access them easily.