Archive for May 29, 2016

U.S. Memorial Day 2016

Remember, Memorial Day is about them:

U.S. Memorial Day 2016

 

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Lessons From the LinkedIn Data Breach

Readers of the Bach Seat know that passwords suck and that people are awful at picking passwords. Business Insider offers more proof. According to a recent article, the 2012 LinkedIn data breach exposed a whopping 167 million accounts, 117 million of them with passwords.

The article says the passwords were hashed so they could not be read directly, but researchers at LeakedSource were able to crack them. LinkedIn stored them as unsalted SHA-1 hashes, which is why a dictionary of common passwords recovers so many so quickly: every user who chose "123456" has exactly the same hash, so one guess unlocks all of them at once. The LeakedSource findings should be no surprise to Bach Seat followers. The results show just how much the same passwords get used over and over (and over and over and over and over) again.
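To make concrete why an unsalted SHA-1 dump falls so fast, here is an added Python example (mine, not LeakedSource's tooling and not from the original post). It builds a constructed six-account dump hashed the way LinkedIn stored passwords in 2012, cracks it with a wordlist taken from the top of the LeakedSource ranking, and then repeats the attempt against the same passwords stored with a per-user salt and PBKDF2, counting hash computations in each case. The user names, frank's password and the iteration count are assumptions.

```python
import hashlib
import os

# Wordlist: the top of the LeakedSource ranking for the 2012 LinkedIn dump.
TOP_LEAKED = ["123456", "linkedin", "password", "123456789", "Passw0rd"]

# Constructed sample accounts (user names and frank's password are invented).
SAMPLE_PLAINTEXTS = {
    "alice": "123456",
    "bob":   "123456",        # same password as alice
    "carol": "linkedin",
    "dave":  "password",
    "erin":  "Passw0rd",
    "frank": "xK9#pLq2!vB7",  # not in the wordlist
}


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, the way LinkedIn stored passwords in 2012."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# What the 2012 dump looked like: one unsalted hash per account.
SAMPLE_DUMP = {user: sha1_hex(pw) for user, pw in SAMPLE_PLAINTEXTS.items()}


def shared_hashes(dump: dict) -> dict:
    """Identical unsalted hashes reveal password reuse before any cracking."""
    groups = {}
    for user, digest in dump.items():
        groups.setdefault(digest, []).append(user)
    return {d: users for d, users in groups.items() if len(users) > 1}


def crack_unsalted(dump: dict, wordlist: list) -> tuple:
    """Hash the wordlist once; every leaked hash is then a dictionary lookup.
    Returns (cracked {user: password}, number of hash computations)."""
    table = {sha1_hex(word): word for word in wordlist}
    cracked = {user: table[d] for user, d in dump.items() if d in table}
    return cracked, len(wordlist)


def salted_hash(password: str, salt: bytes, iterations: int) -> str:
    """PBKDF2-HMAC-SHA256: per-user salt plus a deliberately slow iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations).hex()


def make_salted_dump(plaintexts: dict, iterations: int) -> dict:
    """Store each account as (salt, PBKDF2 hash) instead of a bare SHA-1."""
    dump = {}
    for user, pw in plaintexts.items():
        salt = os.urandom(16)
        dump[user] = (salt, salted_hash(pw, salt, iterations))
    return dump


def crack_salted(dump: dict, wordlist: list, iterations: int) -> tuple:
    """With per-user salts no shared lookup table exists: each (account, guess)
    pair costs a full PBKDF2 run. Returns (cracked, number of PBKDF2 runs)."""
    cracked, work = {}, 0
    for user, (salt, digest) in dump.items():
        for word in wordlist:
            work += 1
            if salted_hash(word, salt, iterations) == digest:
                cracked[user] = word
                break
    return cracked, work


if __name__ == "__main__":
    ITERATIONS = 100_000  # assumed work factor for the salted variant
    cracked, ops = crack_unsalted(SAMPLE_DUMP, TOP_LEAKED)
    print(f"unsalted SHA-1: {len(cracked)}/{len(SAMPLE_DUMP)} cracked, {ops} hashes computed")
    print("accounts sharing a hash:", list(shared_hashes(SAMPLE_DUMP).values()))
    salted = make_salted_dump(SAMPLE_PLAINTEXTS, ITERATIONS)
    cracked, ops = crack_salted(salted, TOP_LEAKED, ITERATIONS)
    print(f"salted PBKDF2:  {len(cracked)}/{len(SAMPLE_DUMP)} cracked, {ops} x {ITERATIONS} iterations")
```

The unsalted run costs five hash computations for the whole dump no matter how many accounts it holds, and alice and bob are visibly the same password before any guess is made. The salted run costs one PBKDF2 computation per account per guess, and that cost grows with the number of accounts. Note that the salted variant still recovers the five weak passwords: better hashing only raises the attacker's bill, it does not fix the choice of password.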

Most often used passwords

92% of the top leaked LinkedIn passwords also appear among the 25 most often used passwords of 2011 or 2012. Nearly half of the passwords listed were among the most commonly used passwords in 2011, 2012, or 2013. The top 5 bad passwords were used to "secure" over 1.2 million accounts.

The LeakedSource data says the most popular password for LinkedIn in 2012 was 123456. That password was used by more than 750,000 accounts. Data the Bach Seat has collected says that 123456 has been the #1 or #2 password every year since 2011.

The remarkably unstealthy password ’linkedin’ is the second most used password on these breached LinkedIn accounts with 172,523 users. That is just so wrong on so many levels.

The password ‘password’ is number three with 144,458 hacked LinkedIn users relying on it to secure their professional profile. Our historical data says that ‘password’ has swapped the top ranking with ‘123456’ since 2011.

'123456789' is the fourth most popular bad LinkedIn password, with 94,314 users according to LeakedSource, and '12345678' is fifth with 63,769; the latter has been a consistent #3 in my data.

The data for the top 49 passwords is below. You can check whether your user name appears in the dump (LeakedSource offers a search); if it does, fix your passwords.

Frequency is the number of LinkedIn accounts using the password; the last column is the password's position on that year's most-used-passwords list, where the Bach Seat has it.

Rank  Password     Frequency  Earlier ranking
   1  123456       753,305    #2 in 2012
   2  linkedin     172,523
   3  password     144,458    #1 in 2012
   4  123456789     94,314    #6 in 2012
   5  12345678      63,769    #3 in 2012
   6  111111        57,210    #12 in 2011
   7  1234567       49,652    #7 in 2011
   8  sunshine      39,118    #15 in 2011
   9  qwerty        37,538    #4 in 2011
  10  654321        33,854    #21 in 2011
  11  000000        32,490    #25 in 2013
  12  password1     30,981    #21 in 2013
  13  abc123        30,398    #5 in 2011
  14  charlie       28,049
  15  linked        25,334
  16  maggie        23,892
  17  michael       23,075    #16 in 2012
  18  666666        22,888
  19  princess      22,122    #22 in 2013
  20  123123        21,826    #11 in 2013
  21  iloveyou      20,251    #9 in 2013
  22  1234567890    19,575    #13 in 2013
  23  Linkedin1     19,441
  24  daniel        19,184
  25  bailey        18,805    #17 in 2011
  26  welcome       18,504
  27  buster        18,395
  28  Passw0rd      18,208    #18 in 2011
  29  baseball      17,858    #9 in 2012
  30  shadow        17,781    #17 in 2011
  31  121212        17,134
  32  hannah        17,040
  33  monkey        16,958    #6 in 2011
  34  thomas        16,789
  35  summer        16,652
  36  george        16,620
  37  harley        16,275
  38  222222        16,165
  39  jessica       16,088
  40  GINGER        16,040
  41  michelle      16,024
  42  abcdef        15,938
  43  sophie        15,884
  44  jordan        15,839    #22 in 2012
  45  freedom       15,793
  46  555555        15,664
  47  tigger        15,658
  48  joshua        15,628
  49  pepper        15,610

rb-

The advice remains the same as I wrote about in 2010.

Strong password characteristics:
• At least eight (8) characters
• At least one numeric character (0-9)
• At least one lower case character (a-z)
• At least one upper case character (A-Z)
• At least one non-alphanumeric character (~, !, @, #, $, %, ^, &, *, (, ), -, =, +, ?, [, ], {, })
• Not a word in any language, slang, dialect, jargon, etc.
• Not based on personal information, names of family, etc.
• Never written down or stored online.
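The checklist above says what a password should look like, but the LeakedSource table shows why a checklist alone is not enough: "Passw0rd" satisfies four of the five shape rules and "Passw0rd!" satisfies all five, yet "Passw0rd" sits at #28 in the dump. Here is an added Python example (mine, not from the original post) that applies the rules and then checks the candidate against the 49 leaked passwords from the table earlier in this post. The normalisation step (lower-case, drop trailing digits and symbols) is my assumption, added so that "Linkedin1" and "Passw0rd!" are caught as variants of leaked words.

```python
import re

# The 49 most-used LinkedIn passwords, from the LeakedSource table above.
LINKEDIN_TOP49 = [
    "123456", "linkedin", "password", "123456789", "12345678", "111111",
    "1234567", "sunshine", "qwerty", "654321", "000000", "password1",
    "abc123", "charlie", "linked", "maggie", "michael", "666666", "princess",
    "123123", "iloveyou", "1234567890", "Linkedin1", "daniel", "bailey",
    "welcome", "buster", "Passw0rd", "baseball", "shadow", "121212", "hannah",
    "monkey", "thomas", "summer", "george", "harley", "222222", "jessica",
    "GINGER", "michelle", "abcdef", "sophie", "jordan", "freedom", "555555",
    "tigger", "joshua", "pepper",
]
DENYLIST = {p.lower() for p in LINKEDIN_TOP49}

# The symbol set from the checklist, escaped for use inside a character class.
SYMBOLS = r"~!@#$%^&*()\-=+?\[\]{}"

# The shape rules from the checklist, one predicate per rule.
RULES = [
    ("at least 8 characters", lambda p: len(p) >= 8),
    ("at least one digit", lambda p: re.search(r"[0-9]", p) is not None),
    ("at least one lower-case letter", lambda p: re.search(r"[a-z]", p) is not None),
    ("at least one upper-case letter", lambda p: re.search(r"[A-Z]", p) is not None),
    ("at least one symbol", lambda p: re.search(f"[{SYMBOLS}]", p) is not None),
]


def policy_failures(password: str) -> list:
    """Names of the shape rules the password does not meet."""
    return [name for name, ok in RULES if not ok(password)]


def normalize(password: str) -> str:
    """Assumed normalisation: lower-case, then drop trailing digits and symbols
    so 'Linkedin1' and 'Passw0rd!' collapse onto the leaked base word.
    Falls back to the lower-cased input when nothing would be left."""
    base = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", base)
    return stripped or base


def is_breached(password: str) -> bool:
    """True when the password, or its normalised form, is in the leaked list."""
    return password.lower() in DENYLIST or normalize(password) in DENYLIST


def evaluate(password: str) -> dict:
    """Combine both checks; a password is accepted only if it passes both."""
    failures = policy_failures(password)
    breached = is_breached(password)
    return {"policy_failures": failures, "breached": breached,
            "accept": not failures and not breached}


if __name__ == "__main__":
    for candidate in ["123456", "Passw0rd", "Passw0rd!", "Linkedin1!", "xK9#pLq2!vB7"]:
        print(f"{candidate!r:16} -> {evaluate(candidate)}")
```

Running it shows the gap the checklist leaves: "Passw0rd!" and "Linkedin1!" pass every shape rule and are still rejected, because they are leaked words with a character bolted on. A breached-password check belongs in any policy that still relies on the 2010 rules.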


Wearables – Growing Enterprise Risk

Market research firm Tractica predicts that high levels of interest will drive worldwide shipments of wearable computing devices for enterprise and industrial use from 2.3 million units in 2015 to 66.4 million units in 2021, and that they could reach 75.4 billion by 2025. That works out to a cumulative 171.9 million wearables in the wild by 2021.

The report at FierceMobileIT cites a large number of trials and deployments, with a diverse set of wearables across a variety of industry sectors, as the reason for the growth. Tractica research director Aditya Kaul explained the prediction:

In the past year, the enterprise and industrial wearables market has moved into an implementation phase, with the focus shifting from public announcements to the hard work that needs to be done behind the scenes to get wearables rolled out at commercial scale.

Tractica noted that a range of new IoT use cases are emerging for workplace wearables, focused on application markets such as retail, manufacturing, healthcare, corporate wellness, warehousing and logistics, workplace authentication and security, and field services.

Chart: Estimated wearable device shipments

The market research firm believes the primary wearable device categories will be smartwatches, fitness trackers, body sensors, and smartglasses. Other niche categories will also play a role for specialized use cases.

The report does concede that in terms of unit volumes and revenue, enterprise and industrial wearables are still a very small part of the overall IoT market. Wearables' share of the total market will grow over time, according to Tractica.

Wearables proliferation does not bode well for IoT or enterprise security. A recent survey of 440 IT pros by IT networking company Spiceworks found that enterprise wearables are most likely to be the cause of a data breach out of all Internet of Things devices connected to a workplace network.

According to FierceMobileIT, the survey found that 53% of IT pros believe wearables are the least secure of all IoT devices. Overall, 90% of those surveyed think IoT makes workplace security more difficult. Spiceworks also found that only one in three of those surveyed are preparing for the tidal wave of these devices.

The number of companies allowing wearables on the network has jumped from 13% in 2014 to 24% in the current Spiceworks survey. That's a significant jump, and especially worrisome for the two-thirds of organizations putting off a proper security protocol. 41% of those surveyed said that their organizations have a separate network for connected devices, 39% allow them on the corporate network and 11% don't allow IoT in any capacity.

Enterprise IoT devices aren’t the only reason IT pros should worry, as Andrew Hay, CISO of DataGravity, told FierceMobileIT at the RSA conference this year. Workers are bringing consumer-grade IoT devices into enterprise environments, too. In other words, IT pros don’t have a choice at this point but to seriously consider security measures for IoT.

rb-

I first covered IoT security holes in 2011. In 2014, I wrote about HP research which found on average 25 security flaws per device tested. If these stats are right, there will be almost 4.3 billion security flaws in the wild.

Some of the security flaws HP pinpointed in wearables during 2015 included:

  • Mobile interfaces lacked two-factor authentication and the ability to lock out accounts after failed login attempts.
  • Watch communications could be easily intercepted.
  • Firmware was transmitted without encryption.
  • Half of the tested devices could not be protected with a screen lock, which would hinder access if the device were lost or stolen.
  • 40% were still vulnerable to the POODLE attack, allowed the use of weak ciphers, or still used SSL v2. Transport encryption is critical because personal information is being moved to multiple locations in the cloud.
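POODLE is an attack on SSL 3.0, so the remedy for that bullet and the SSL v2 one is the same: refuse to negotiate anything below TLS 1.2, and stop offering the weak suites while you are at it. As an added example (mine, not HP's test harness and not any vendor's code), this Python snippet builds a hardened client context of the kind a companion app would use to reach the vendor cloud, audits what it can still negotiate, and runs the same weak-suite check over a constructed list of suite names such a 2015-era device might have offered. The cipher string and the list of legacy suite names are assumptions.

```python
import ssl

# Substrings that mark cipher suites no device should still offer:
# export grade, RC4, single/triple DES, NULL encryption, MD5 MACs and
# anonymous key exchange (OpenSSL suite-name spelling).
WEAK_MARKERS = ("EXP", "RC4", "DES", "NULL", "MD5", "ADH", "AECDH")

# Constructed list of suites as a 2015-era wearable might advertise them.
LEGACY_DEVICE_SUITES = [
    "EXP-RC4-MD5",
    "RC4-SHA",
    "DES-CBC3-SHA",
    "AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
]


def weak_ciphers(names):
    """Return the suite names that match any weak marker."""
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


def hardened_client_context() -> ssl.SSLContext:
    """Client context for a companion app talking to the vendor cloud:
    TLS 1.2 minimum (so neither SSL v2 nor the SSL 3.0 that POODLE needs
    can be negotiated), forward-secret AEAD suites only, certificate and
    hostname verification left on. The cipher string is an assumption."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5:!RC4:!3DES")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report what the context can still negotiate."""
    names = [c["name"] for c in ctx.get_ciphers()]
    return {
        "min_version": int(ctx.minimum_version),   # 771 == TLS 1.2 (0x0303)
        "sslv3_possible": ctx.minimum_version <= ssl.TLSVersion.SSLv3,
        "weak": weak_ciphers(names),
        "suites": len(names),
    }


if __name__ == "__main__":
    print("legacy device offers:", weak_ciphers(LEGACY_DEVICE_SUITES))
    print("hardened client:", audit_context(hardened_client_context()))
```

The audit is the part worth keeping: run it against whatever context the app actually constructs, not against the one you think it constructs, because a single `set_ciphers("ALL")` somewhere in a vendor SDK silently puts the legacy suites back.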

How Much Cash Do Tech Firms Stash Overseas

A new report (PDF) from the charity Oxfam says American companies stash a significant part of their cash overseas, in jurisdictions known as "tax havens," to take advantage of more favorable tax laws. It claims tech companies take particular advantage of the practice. Oxfam, which is crusading to get the U.S. government to crack down on it, says tax havens cost the United States more than $100 billion a year in lost tax revenue.

Business Insider brought us this Statista chart, based on the Oxfam report: tech firms are hoarding nearly $500 billion in cash overseas. The chart shows how much money major US tech companies have stashed overseas, and how many subsidiaries they have set up in countries that Oxfam defines as tax havens, "which can be characterized by secrecy, low- or zero-tax rates, and the almost complete lack of disclosure of any relevant business information."

U.S. tech firms with most cash held overseas

While tech is the most prominent sector on Oxfam's list, the article claims tech is not alone: large companies in other sectors like General Electric ($119 billion), Pfizer ($74 billion), Merck ($60 billion), and Exxon Mobil ($51 billion) also have lots of cash stashed overseas.

There’s nothing illegal about this practice. But Oxfam believes it contributes to income inequality. They are urging U.S. lawmakers to make it harder for companies to use international tax laws to their advantage in this way.

Overseas tax havens have been the focus of recent revelations about tax scams by wealthy people, based on the leak of the "Panama Papers," documents from a single Panama-based law firm, Mossack Fonseca, involving 214,000 offshore shell companies. The firm's clients included 29 billionaires and 140 top politicians worldwide, among them a dozen heads of government.

rb-

This list looks a lot like the one for the top lobbying spender firms. I wrote about the tech titans lobbying efforts just a couple of weeks ago here.

Rank  Firm             Cash held offshore  Lobbying rank  Lobbying spending
   1  Apple            $181.1B             10             $4.5M
   2  Microsoft        $108.3B              7             $8.5M
   3  IBM               $61.4B             11             $4.6M
   4  Cisco             $52.7B             14             $2.7M
   5  Alphabet/Google   $47.4B              1             $16.6M
   6  HP                $42.9B
   7  Oracle            $38.0B             13             $4.5M
Related articles
  • Obama urges Congress to take action on corporate tax reform (bnn.ca)