Rachel King at ZDNet’s Zero Day writes that the recent data breaches at LinkedIn, Last.fm and eHarmony have put passwords back in the spotlight. Unfortunately, many people still rely on “password” to secure their digital identity. Antivirus software provider ESET noted some recent work by IT security consultant Mark Burnett, who has compiled a list of the “top 500 worst (aka most common) passwords” based on a variety of methods he has detailed on his blog. The entire list is available here (ZIP).
25 Worst passwords
2012 data from xato.net and 2011 data from SplashData.com
Approximately two-thirds of the worst passwords stayed the same between 2011 and 2012. Are your users’ passwords on this list? If so, it’s safe to say you should consider a password change policy to force them into using a stronger password.