Rachel King at ZDNet’s Zero Day writes that the recent data breaches at LinkedIn, Last.fm and eHarmony have put passwords back in the spotlight. Unfortunately, many people still rely on “password” to secure their digital identity. Antivirus software provider ESET noted some recent work by IT security consultant Mark Burnett, who has compiled a list of the “top 500 worst (aka most common) passwords” based on a variety of methods he has detailed on his blog. The entire list is available here (ZIP).
| Simply Hired - July 2012 | Forbes - May 2012 |
| --- | --- |
| Baltimore, MD area | Seattle, WA area |
| Detroit, MI area | Washington DC-area |
| Charlotte, NC area | San Diego, CA area |
| Portland, OR area | Salt Lake City, UT |
| Seattle, WA area | Baltimore, MD area |
| Pittsburgh, PA | Jacksonville, FL |
| Milwaukee, WI area | San Jose, CA area |
| Richmond, VA | Columbus, OH |
| Raleigh-Cary, NC | Raleigh-Cary, NC |
| New York, NY area | Nashville, TN area |
Approximately 2/3 of the worst passwords stayed the same between 2011 and 2012. Are your users’ passwords on this list? If so, it’s safe to say you should consider a password change policy to force them into using a stronger password.