Readers of the Bach Seat know that passwords suck and that people are awful at picking passwords. The Business Insider offers more proof. According to a recent article, the 2012 LinkedIn data breach exposed a whopping 167 million accounts, including 117 million passwords.
The article says the passwords were hashed or encrypted so they can’t be read, but researchers at LeakedSource have been able to decrypt them. Their findings should be no surprise to Bach Seat followers. The results show just how much the same passwords get used over and over (and over and over and over and over) again.
Most often used passwords
92% of the top leaked LinkedIn passwords were identified as the top 25 most often used passwords in 2011 or 2012. Nearly half of the passwords listed were among the most commonly used passwords in 2011, 2012, or 2013. The top 5 bad passwords were used to “secure” over 1.2 million accounts.
The LeakedSource data says the most popular password for LinkedIn in 2012 was 123456. That password was used by more than 750,000 accounts. Data the Bach Seat has collected says that 123456 has been the number 1 or 2 most used password every year since 2011.
The remarkably unstealthy password ‘linkedin’ is the second most used password on these breached LinkedIn accounts with 172,523 users. That is just so wrong on so many levels.
The password ‘password’ is number three with 144,458 hacked LinkedIn users relying on it to secure their professional profile. Our historical data says that ‘password’ has swapped the top ranking with ‘123456’ since 2011.
‘12345678’ is the fourth most popular bad LinkedIn password with 94,214 users according to LeakedSource. This password has been a consistent #3 in my data.
The data for the top 49 passwords is below. You can search for your user name here. Fix your passwords.
| Rank | Password | Frequency | Notes |
|---|---|---|---|
| 1 | 123456 | 753,305 | #2 in 2012 |
| 2 | linkedin | 172,523 | |
| 3 | password | 144,458 | #1 in 2012 |
| 4 | 123456789 | 94,314 | #6 in 2012 |
| 5 | 12345678 | 63,769 | #3 in 2012 |
| 6 | 111111 | 57,210 | #12 in 2011 |
| 7 | 1234567 | 49,652 | #7 in 2011 |
| 8 | sunshine | 39,118 | #15 in 2011 |
| 9 | qwerty | 37,538 | #4 in 2011 |
| 10 | 654321 | 33,854 | #21 in 2011 |
| 11 | 000000 | 32,490 | #25 in 2013 |
| 12 | password1 | 30,981 | #21 in 2013 |
| 13 | abc123 | 30,398 | #5 in 2011 |
| 14 | charlie | 28,049 | |
| 15 | linked | 25,334 | |
| 16 | maggie | 23,892 | |
| 17 | michael | 23,075 | #16 in 2012 |
| 18 | 666666 | 22,888 | |
| 19 | princess | 22,122 | #22 in 2013 |
| 20 | 123123 | 21,826 | #11 in 2013 |
| 21 | iloveyou | 20,251 | #9 in 2013 |
| 22 | 1234567890 | 19,575 | #13 in 2013 |
| 23 | Linkedin1 | 19,441 | |
| 24 | daniel | 19,184 | |
| 25 | bailey | 18,805 | #17 in 2011 |
| 26 | welcome | 18,504 | |
| 27 | buster | 18,395 | |
| 28 | Passw0rd | 18,208 | #18 in 2011 |
| 29 | baseball | 17,858 | #9 in 2012 |
| 30 | shadow | 17,781 | #17 in 2011 |
| 31 | 121212 | 17,134 | |
| 32 | hannah | 17,040 | |
| 33 | monkey | 16,958 | #6 in 2011 |
| 34 | thomas | 16,789 | |
| 35 | summer | 16,652 | |
| 36 | george | 16,620 | |
| 37 | harley | 16,275 | |
| 38 | 222222 | 16,165 | |
| 39 | jessica | 16,088 | |
| 40 | GINGER | 16,040 | |
| 41 | michelle | 16,024 | |
| 42 | abcdef | 15,938 | |
| 43 | sophie | 15,884 | |
| 44 | jordan | 15,839 | #22 in 2012 |
| 45 | freedom | 15,793 | |
| 46 | 555555 | 15,664 | |
| 47 | tigger | 15,658 | |
| 48 | joshua | 15,628 | |
| 49 | pepper | 15,610 | |
rb-
The advice remains the same as I wrote about in 2010.
Strong password characteristics:
• At least eight (8) alpha-numeric characters
• At least one numeric character (0-9)
• At least one lower case character (a-z)
• At least one upper case character (A-Z)
• At least one non-alphanumeric character* (~, !, @, #, $, %, ^, &, *, (, ), -, =, +, ?, [, ], {, })
• Are not a word in any language, slang, dialect, jargon, etc.
• Are not based on personal information, names of family, etc.
• Are never written down or stored online.
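An added example, not from the original post: a checker for the character rules above that also compares each candidate against a blocklist built from the table on this page. The stripping of leading and trailing digits and symbols and the look-alike substitutions are assumptions; they show that a candidate such as ‘Linkedin1!’ can satisfy every character rule while still being built on a leaked password.

```python
import re

# Constructed blocklist: a lowercased subset of the top-49 table on this page.
LEAKED = {
    "123456", "linkedin", "password", "123456789", "12345678", "111111",
    "sunshine", "qwerty", "password1", "abc123", "linked", "linkedin1",
    "passw0rd", "iloveyou", "welcome", "ginger", "monkey", "shadow",
}
# The non-alphanumeric characters the page lists.
SYMBOLS = "~!@#$%^&*()-=+?[]{}"
# Assumption: a few common look-alike substitutions, not an exhaustive map.
LEET = str.maketrans("0134578@$!", "oleastbasi")

# The page's character rules as (name, predicate) pairs.
RULES = [
    ("length", lambda pw: len(pw) >= 8),
    ("digit", lambda pw: re.search(r"[0-9]", pw) is not None),
    ("lower", lambda pw: re.search(r"[a-z]", pw) is not None),
    ("upper", lambda pw: re.search(r"[A-Z]", pw) is not None),
    ("symbol", lambda pw: any(c in SYMBOLS for c in pw)),
]

def variants(pw):
    """Forms to compare with the blocklist: raw, decorations stripped, de-leeted."""
    low = pw.lower()
    core = low.strip("0123456789" + SYMBOLS)  # drop leading/trailing digits and symbols
    return {low, core, low.translate(LEET), core.translate(LEET)}

def failures(pw):
    """Return the names of every check the candidate password fails."""
    failed = [name for name, ok in RULES if not ok(pw)]
    if variants(pw) & LEAKED:
        failed.append("leaked")
    return failed

if __name__ == "__main__":
    # Constructed sample candidates.
    for candidate in ["123456", "Passw0rd", "Linkedin1!", "P@ssw0rd1!", "tR7#vq9&Lm2x"]:
        print(f"{candidate:14} {failures(candidate) or 'ok'}")
```

In practice the blocklist would be the full leaked list rather than this subset.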
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005.