For the first time, in 2013, we now know for a fact that a lot of governments, including the self-righteous ones, spy on innocent users under the guise of national security. (Of course the Zimbabwean government does not spy on its citizens; why would you even think that!) Now, all those who were surprised, please raise your hands. No doubt the naive amongst you are still surprised, but with the cat out of the bag it is very surprising that some people are still not security conscious. The security firm Trustwave released a top ten list of some of the worst passwords of 2013, and it makes for sad reading.
The firm used data obtained from the Moar Pony botnet. The bot managed to steal close to 2 million usernames and passwords: about 1.6 million were for popular websites such as Facebook (318 121 passwords), Gmail (54 437), Yahoo (59 549) and Twitter (21 708). The rest were from other email accounts, remote desktop sessions, FTP accounts and secure shell connections.
Top ten worst passwords.
So here are some of the worst passwords in order of popularity:
It would seem that some people are just asking to be hacked and spied on. Sure, a password is not going to stop the NSA, but you should at least put up a protest. I am sure that a lot of Zimbabweans' passwords are just as bad, if not worse. Don't despair if your password did not make it onto the list; there are still consolation prizes to be won below.
Here is a pie chart showing overall password strengths for all the passwords
Trustwave also analysed all the passwords to try and gauge their complexity. The strongest passwords are those that use all four character types (upper case, lower case, numbers and special characters), e.g. Zx0w2?#q, whilst the weak passwords use only one character type, e.g. password. Also, the longer the password, the stronger it is. Below is a graph that shows the results.
It seems a lot of people use one character type passwords of a length that is between 6-9 characters, followed by those who use the same number of characters for passwords with a length between 10-13 characters. Very few people have passwords which use all four character types. Sometimes this is not the user's fault: some systems prevent people from using special characters in their passwords for some reason, even if the service they are offering could use a strong password. For example, my two bank accounts (I will spare them the shame) will not allow me to use special characters when choosing my on-line banking password.
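The kind of tally described above can be reproduced on your own password audit data. The following is an added example, not Trustwave's code: it counts character types and groups passwords by length. The 6-9 and 10-13 buckets come from the article; the outer buckets, the function names and the sample list are assumptions made for illustration.

```python
import string
from collections import Counter

# Length buckets: 6-9 and 10-13 come from the article; the outer two are assumed.
BUCKETS = [(0, 5, "<6"), (6, 9, "6-9"), (10, 13, "10-13"), (14, None, ">13")]

def char_types(password):
    """Count how many of the four character types the password uses."""
    classes = (
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),
        # Anything that is not an ASCII letter or digit counts as "special".
        any(c not in string.ascii_letters + string.digits for c in password),
    )
    return sum(classes)

def length_bucket(password):
    """Return the label of the length bucket the password falls into."""
    n = len(password)
    for low, high, label in BUCKETS:
        if n >= low and (high is None or n <= high):
            return label

def complexity_matrix(passwords):
    """Tally passwords by (character types, length bucket), skipping empties."""
    return Counter((char_types(p), length_bucket(p)) for p in passwords if p)

def weakest_share(passwords):
    """Fraction of non-empty passwords that use only one character type."""
    pw = [p for p in passwords if p]
    return sum(1 for p in pw if char_types(p) == 1) / len(pw) if pw else 0.0

# Constructed sample; "Zx0w2?#q" and "password" are the article's own examples.
SAMPLE = ["password", "Zx0w2?#q", "letmein", "sunshine2013", "Harare2013",
          "qwertyuiop", "1234", "Tr1cky-Pass-Phrase"]

if __name__ == "__main__":
    for (types, bucket), count in sorted(complexity_matrix(SAMPLE).items()):
        print(f"{types} type(s), length {bucket}: {count}")
    print(f"single-type share: {weakest_share(SAMPLE):.0%}")
```

Run it against candidate passwords at registration or password-change time, when the plaintext is legitimately in hand, so that nothing needs to be stored in recoverable form for the audit.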
I sure hope more people will take heed in the coming year and start to use at least 3 character types when choosing their password. Unfortunately the report does not reveal how many people used the same password across services or how many idiots have their password written on a sticker that is conveniently near their computer.
Before you start commenting please change your password now!!