Hacking as easy as abc 123

22 Jan 2010

How careful are you when it comes to choosing passwords for your online accounts and services? A whitepaper from web security firm Imperva shows that most of us choose passwords that are not only too short, but far too easy to guess.

When Imperva analysed the 32 million passwords that were recently exposed as a result of the Rockyou.com breach, the findings were shocking: a large number of people didn’t make any effort to keep their account secure, with the most common passwords being simple numeric sequences: ‘123456’, ‘12345’, and ‘123456789’.

Almost 776,000 users chose the above as passwords while a further 61,958 chose ‘Password’ as theirs!

Common passwords

Other common passwords included ‘iloveyou’, ‘princess’, ‘rockyou’, and ‘abc123’. In other words, almost 20pc of the userbase used names, slang, dictionary words or simple sequences of numbers or letters, leaving them open to easy hacking.

In fact, Imperva found that if a hacker had used the list of the Top 5,000 passwords as a dictionary for a brute force attack on Rockyou.com users, it would have taken only one attempt (per account) to guess 0.9pc of the users’ passwords – a rate of one success per 111 attempts.

The problem with this is that another study has found that almost 50pc of web surfers use the same or a similar password for all of their internet accounts, so a vulnerability like this could open them up to identity theft.

Imperva said that the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will on average gain access to one new account per second, taking only 17 minutes to break into 1,000 accounts.

Advice on setting passwords includes choosing one that is at least eight characters long and has an alphanumeric mix, making it more difficult to crack.
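The advice above as a sign-up check, in an added Python example that is not from the article or from Imperva's whitepaper: it applies the eight-character and alphanumeric-mix rules, rejects the passwords the article names and, as an assumption beyond the stated advice, flags passwords built only from simple sequences such as `abcd1234`. The function names and the three-character run threshold are hypothetical.

```python
import re

# Passwords the article names as the most common in the exposed data.
COMMON = {"123456", "12345", "123456789", "password",
          "iloveyou", "princess", "rockyou", "abc123"}
MIN_LENGTH = 8   # the article's advice
MIN_RUN = 3      # assumption: a run this long counts as a sequence


def sequence_runs(text):
    """Split text into maximal runs of consecutive characters (step +1 or -1)."""
    runs, start, step = [], 0, 0
    for i in range(1, len(text) + 1):
        diff = ord(text[i]) - ord(text[i - 1]) if i < len(text) else None
        if diff in (1, -1) and step in (0, diff):
            step = diff          # still inside the same ascending/descending run
            continue
        runs.append(text[start:i])
        start, step = i, 0
    return runs


def check_password(pw):
    """Return the list of reasons to reject pw (empty list means accepted)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("no alphanumeric mix")
    if pw.lower() in COMMON:
        problems.append("common password")
    runs = sequence_runs(pw.lower())
    if runs and all(len(r) >= MIN_RUN for r in runs):
        problems.append("simple sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real data set.
    for sample in ["123456", "Password", "abc123", "abcd1234", "river7Stone42"]:
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

Note that `abcd1234` meets both the length and the alphanumeric-mix rule and is rejected only by the sequence check.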

By Marie Boran

Photo: Nearly half of web users use the same or similar password for all their online accounts, one study has found