Tag Archive for Star Wars

Passwords That Won’t Keep You Safe

I could not let 2021 wrap up without the annual look at the “OMG WTF are they thinking” worst passwords list. I have been covering the sorry state of passwords since 2010 and unfortunately little has changed. The biggest change has come in the increased number of mega-breaches leaking passwords all over the Intertubes.

Here is NordPass’s 2021 list. NordPass and independent cybersecurity researchers evaluated a database with 4 terabytes’ worth of data. You can visit the NordPass website to see all 200 of the entries from 2021. But here are the top 25 most common passwords:

2021's Worst Passwords

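2021's 25 worst passwords compiled by NordPass.

| Rank | Password | Change from 2020 |
|------|----------|------------------|
| 1 | 123456 | - |
| 2 | 123456789 | - |
| 3 | 12345 | +5 |
| 4 | qwerty | +8 |
| 5 | password | (1) |
| 6 | 12345678 | -+1 |
| 7 | 111111 | (2) |
| 8 | 123123 | (2) |
| 9 | 1234567890 | (1) |
| 10 | 1234567 | +1 |
| 11 | qwerty123 | New |
| 12 | 000000 | +3 |
| 13 | 1q2w3e | New |
| 14 | aa12345678 | New |
| 15 | abc123 | (2) |
| 16 | password1 | +3 |
| 17 | 1234 | (1) |
| 18 | qwertyuiop | +6 |
| 19 | 123321 | +4 |
| 20 | password123 | New |
| 21 | 1q2w3e4r5t | New |
| 22 | iloveyou | (5) |
| 23 | 654321 | +1 |
| 24 | 666666 | New |
| 25 | 987654321 | New |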

Bad password factoids

  • The top 25 bad passwords can be cracked in less than 1 second by a bot (or person) according to NordPass.
  • 94% of the most frequent passwords can be cracked in less than 10 seconds.
  • The most secure password “myspace1” ranked #54 on the list. It was used by 1,619,027 users and can be cracked in 3 hours.
  • The most popular sport on the list is “football.” It ranked #60 and was used by 1,468,381 users.
  • “Superman” protected 1,180,436 accounts. He ranked 81st but could be cracked in less than 1 second.
  • The most popular movie on the list was “starwars.” 701,474 users tried to use the Force to protect their accounts. Unfortunately the Force is not strong with this one; it could be cracked in less than 1 second.

Password risk index

The NordPass researchers also devised a risk index based on the number of passwords leaked in each country per capita. Russia came in first with an astounding 19.9 passwords leaked per capita. Other countries that leaked the most passwords are:

  • The Czech Republic 6.2,
  • France 6.0,
  • Germany 5.8,
  • U.S. 5.2,
  • Italy 4.4,
  • Canada 3.6,
  • Australia 3.3,
  • and Poland 3.6.

rb-

You can test the strength of your password by visiting this site and typing it in. They claim the site isn’t creating a repository of passwords because your information is never sent over an internet connection. The best part? As you type, the software tells you approximately how long it would take a computer to figure out your password. The site turns red if your password is weak but slowly turns green as you make it stronger. It’ll even give you tips on how to improve your password security.

 

Stay safe out there!


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Celebrities You Shouldn’t Google in 2019

It is time once again for McAfee’s annual search for the most dangerous celebrity online. The 2019 version of the cyber-security firm’s research found which celebrities’ internet searches expose users to the most risk from malicious websites, malware, ransomware, and other risky outcomes. McAfee says that criminals use deceptive websites to dupe unsuspecting consumers into accessing malicious files or content.

McAfee crowned actress Alexis Bledel the riskiest celeb online for 2019. Searches for the actress, known for her role as Rory Gilmore in the TV show Gilmore Girls, landed the most users on risky websites that carry viruses or malware in 2019.

McAfee speculates that the Texas-born Bledel’s role as Ofglen in the fan-favorite Hulu series “The Handmaid’s Tale” and big-screen role in the “Sisterhood of the Traveling Pants” movies led to her top ranking.

The actress takes over the number one spot from Ruby Rose, who topped last year’s list mainly because of fans’ interest in her playing Batwoman.

The second most dangerous celebrity online was James Corden, the British comedian, actor, and host of the Late Late Show. The popularity of viral videos from the Late Late Show gives attackers more options to spread their malware.

Sophie Turner made the list at number 3. She has been trending lately due to her role on “Game of Thrones,” as well as her relationship with singer Joe Jonas.

Pitch Perfect series actress Anna Kendrick reached 4th place. She was followed by Lupita Nyong’o in 5th position on the risky celebrity list. McAfee speculates that interest in “Star Wars: The Rise of Skywalker” put Ms. Nyong’o on the list.

Comedian, former SNL star, and current Tonight Show host Jimmy Fallon is ranked number 6. Viral videos from the Tonight Show are popular with threat actors.

Martial arts master Jackie Chan came in at 7. McAfee explained that rumors circulated about his return to the big screen in “Rush Hour 4” and “The Karate Kid 2.” His team denied the gossip, but cyber-criminals took advantage of fans’ nostalgia to spread their malware.

Rappers take the #8 and #9 positions on McAfee’s list. Lil Wayne was named the eighth most dangerous, driven by his summer tour with Blink-182 and fans’ searches for illegal downloads. Nicki Minaj came in at 9. She caused many of her fans to panic in September after she tweeted she was retiring from music, and attackers took advantage of her fans’ quest for more information by poisoning her searches.

Tessa Thompson, known for her role as Valkyrie, Marvel’s first LGBTQ superhero, was listed as the number 10 riskiest popular search term this year thanks to her leading roles in “Men in Black: International” and “Avengers: Endgame.”

Cyber-criminals also use the same celebrity-baiting tactics internationally. According to McAfee, the most dangerous online celebs around the world are:

Gary Davis, chief consumer security evangelist at McAfee explained the risks involved with searches for these celebrities.

Consumers may not be fully aware that the searches they conduct pose risk, nor may they understand the detrimental effects that can occur when personal information is compromised in exchange for access to their favorite celebrities, movies, TV shows, or music.

He warns celebrity seekers to be cautious.

It is essential that consumers learn to protect their digital lives from lurking cyber-criminals by thinking twice before they click on suspicious links or download content.

rb-

Cord-cutting could be driving some of this risky behavior. McAfee found that the names of the risky celebs like Bledel, Fallon, and Chan are strongly associated with searches including the term “torrent.”

Users who bypass subscription services like Hulu and Amazon to save a few bucks put their digital lives at risk in exchange for pirated content.


Worst Passwords – 2017

Today is “Safer Internet Day,” which is needed. Despite the spate of well-publicized hacks, attacks, ransoms, and even extortion attempts, millions of people continue to use weak, easily guessable passwords to protect their online information. SplashData, a provider of password management applications, has released its annual Worst Passwords of the Year (NSFW) list. The seventh annual report was compiled from more than five million passwords leaked during 2017.

For the fourth consecutive year, “123456” and “password” held on to the #1 and #2 spots on the SplashData list. Variations of each, either with extra digits on the numerical string or replacing the “o” with a “0” in “password,” make up six of the top 10 most often used passwords. Morgan Slain, CEO of SplashData, warns, “Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.”

Star Wars is popular

Star Wars fans were so excited by the recent premiere of “Star Wars: The Last Jedi” that they moved “starwars” up to #16 on the most frequently used bad passwords list. SplashData’s Slain observed that it is not a good password.

Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use … Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.

Another problem with many of these bad passwords is that they are simply a straight row of characters across the keyboard, making them easy for attackers to guess. Pattern passwords in the bad list include:

  • Password12345
  • 123456
  • 1234567
  • 12345678
  • 123456789
  • qwerty
  • qazwsx
  • 1qaz2wsx

SplashData’s 25 worst passwords of 2017:

1 – 123456
2 – password
3 – 12345678
4 – qwerty
5 – 12345
6 – 123456789
7 – letmein
8 – 1234567
9 – football
10 – iloveyou
11 – admin
12 – welcome
13 – monkey
14 – login
15 – abc123
16 – starwars
17 – 123123
18 – dragon
19 – passw0rd
20 – master
21 – hello
22 – freedom
23 – whatever
24 – qazwsx
25 – trustno1

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

SplashData offers these tips to be safer from hackers online:

1. Use passphrases of twelve characters or more with mixed types of characters including upper and lower cases.
2. Use a different password for each of your website logins. If a hacker gets your password they will try it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.

rb-

Sighs – I covered this again and again ……

One older report I’ve seen says that attackers were able to crack open 254,776 of 499,556 (51%) hashed passwords within 24 hours and 439,610 (88%) within two weeks. The same report says that it can take only one day to crack an eight-character password, while it takes an average of 591 days to crack a 10-character password.

Another report on password hacks points out the value of each additional character in a password.

  • A 6-character password with only letters has 308,915,776 possible combinations.
  • An 8-character password with only letters has 208,827,064,576 possible combinations.
  • An 8-character password with letters (upper & lower case) and includes numbers and symbols has 6,095,689,385,410,816 possible combinations.


2015’s Worst Passwords

Followers of Bach Seat know that passwords suck. For even more proof that passwords suck, the password-management company SplashData released its fifth annual list of the most popular passwords. SplashData studied more than 2 million passwords that were leaked in 2015 and identified the most commonly leaked passwords and those that were least secure from Western European and North American users, according to Business Insider.

2015’s worst passwords

Most of the 2015 results are not surprising.

  • 123456 is the most common password. It has been #1 since 2013.
  • Password is the second most common password. It too has been #2 since 2013. Password was the most common password in 2012 and 2011.
  • 12345678 is the third most common password found in the SplashData results. In fact, 12345678 has been the most consistent performer, having been in the #3 place four of the past five years.

One surprise was that the Disney marketing machine was able to get Star Wars related terms into the top 25 worst passwords in 2015.

  1. princess
  2. solo
  3. starwars

Here’s SplashData’s full list. If your password is on here, think about changing it.

25 Worst passwords

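| Rank | 2015 | 2014 | 2013 | 2012 | 2011 |
|------|------|------|------|------|------|
| 1 | 123456 | 123456 | 123456 | password | password |
| 2 | password | password | password | 123456 | 123456 |
| 3 | 12345678 | 12345 | 12345678 | 12345678 | 12345678 |
| 4 | qwerty | 12345678 | qwerty | 1234 | qwerty |
| 5 | 12345 | qwerty | abc123 | qwerty | abc123 |
| 6 | 123456789 | 123456789 | 123456789 | 12345 | monkey |
| 7 | football | 1234 | 111111 | dragon | 1234567 |
| 8 | 1234 | baseball | 1234567 | pussy | letmein |
| 9 | 1234567 | dragon | iloveyou | baseball | trustno1 |
| 10 | baseball | football | adobe123 | football | dragon |
| 11 | welcome | 1234567 | 123123 | letmein | baseball |
| 12 | 1234567890 | monkey | admin | monkey | 111111 |
| 13 | abc123 | letmein | 1234567890 | 696969 | iloveyou |
| 14 | 111111 | abc123 | letmein | abc123 | master |
| 15 | 1qaz2wsx | 111111 | photoshop | mustang | sunshine |
| 16 | dragon | mustang | 1234 | michael | ashley |
| 17 | master | access | monkey | shadow | bailey |
| 18 | monkey | shadow | shadow | master | passw0rd |
| 19 | letmein | master | sunshine | jennifer | shadow |
| 20 | login | michael | 12345 | 111111 | 123123 |
| 21 | princess | superman | password1 | 2000 | 654321 |
| 22 | qwertyuiop | 696969 | princess | jordan | superman |
| 23 | solo | 123123 | azerty | superman | qazwsx |
| 24 | passw0rd | batman | trustno1 | harley | michael |
| 25 | starwars | trustno1 | 000000 | 1234567 | football |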

 

Protect yourself

To keep your passwords secure, you definitely shouldn’t use any of the passwords on the list.

SplashData offers three simple tips to help people protect themselves:

  1. Use passwords or passphrases of twelve characters or more with mixed types of characters;
  2. Avoid using the same password over and over on different websites;
  3. Use a password manager such as SplashID to organize and protect passwords, generate random passwords, and automatically log into websites.

rb-

What should you do if you are responsible for securing systems where your users use these passwords? Stop Them!

This is what makes passwords suck – Implement complexity rules:

  • Minimum of 8 characters
  • A mix of characters, UPPER CASE, lower case, numbers, and special characters.
  • Prevent reusing passwords
  • Blacklist all the above passwords so they can never be used again.
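
One way to enforce the four rules above at password-change time, as an added example (not code from this blog or from SplashData); the function names, the substitution map and the PBKDF2 work factor are assumptions. The blocklist lookup also undoes the "tweaks" SplashData warns about, because a password such as "P@ssw0rd123!" passes the length and character-mix rules on its own.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import string

# Sample taken from the lists on this page; load the complete lists in practice.
BLOCKLIST = {"123456", "password", "12345678", "qwerty", "letmein", "starwars",
             "princess", "solo", "iloveyou", "1qaz2wsx", "trustno1", "dragon"}
MIN_LENGTH = 8           # minimum length from the rules above
PBKDF2_ROUNDS = 200_000  # assumed work factor for the stored history hashes
CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
# Assumed substitution map that reverses common swaps such as o -> 0.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})


def history_entry(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Return (salt, digest) so previous passwords are never kept in clear text."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def blocklist_variants(candidate: str) -> set[str]:
    """Case-fold, drop trailing digits/symbols and undo substitutions before lookup."""
    raw = candidate.casefold()
    stem = raw.rstrip(string.digits + string.punctuation)
    return {raw, stem, raw.translate(LEET), stem.translate(LEET)}


def check_password(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return the rule violations; an empty list means the candidate is accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not all(any(ch in cls for ch in candidate) for cls in CLASSES):
        problems.append("missing character class")
    if blocklist_variants(candidate) & BLOCKLIST:
        problems.append("blocklisted")
    for salt, old_digest in history:
        # Re-hash with the stored salt and compare in constant time.
        if hmac.compare_digest(history_entry(candidate, salt)[1], old_digest):
            problems.append("reused")
            break
    return problems
```
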

May the Fourth Be With You

May the Fourth be With You

 

 
