Passwords
Posted: Sat Jan 23, 2010 6:53 pm
Security analysis firm Imperva studied the list of names and passwords for the RockYou.com website which were exposed on the web in December 2009.
290,731 users had "123456"
79,078 used "12345"
Also common were "rockyou" (i.e. the website's name), ABC123 and first names and pets' names.
Passwords are a pain ... but they are a defence mechanism we control ourselves.
IT professionals working in security suggest:
Don't use a word which could be found in a dictionary.
Do use a mix of upper case and lower case.
Do use numbers, letters and special characters like £, %, $ where possible.
Do use a long password - aim for the maximum size allowed not the minimum.
A common tip is to start from a sentence or song line which you can easily remember. Use the first letter of each word. Substitute every third letter with a number you remember. Substitute every fifth letter with a symbol like ? & %.
If you may have to type your password somewhere public, i.e. where someone might watch your fingers on the keys, include a couple of "dud" characters which you type and then backspace over immediately.
Many of the websites which ask for a password - like this one - are not of great importance in security terms, so you might choose an easier password and use it for all of them. But any website which has your home address, credit card number, bank access code or other important data should get the full password treatment.
Passwords on their own are not much protection, but combined with good anti-virus and security systems they offer a pretty good measure for most of us.
- Dave
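Added example, not part of the original post: a Python sketch of the sentence tip above, plus a check of any password against the post's four suggestions and the common passwords it lists. Assumptions made here: positions are counted from 1, the symbol wins where a position is both a third and a fifth, the 12-character minimum is arbitrary, and SAMPLE_WORDS is a constructed stand-in for a real dictionary list.

```python
# Passwords the post reports as most common in the RockYou list.
COMMON = {"123456", "12345", "rockyou", "abc123"}
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "monkey", "dragon", "sunshine"}


def mnemonic(sentence, digits, symbols):
    """First letter of each word; every 3rd character becomes a digit and
    every 5th a symbol. Where both apply (15th, 30th, ...) the symbol wins."""
    chars = [w[0] for w in sentence.split() if w[0].isalnum()]
    d = s = 0
    for pos in range(1, len(chars) + 1):
        if pos % 5 == 0:
            chars[pos - 1] = symbols[s % len(symbols)]
            s += 1
        elif pos % 3 == 0:
            chars[pos - 1] = digits[d % len(digits)]
            d += 1
    return "".join(chars)


def weaknesses(password, site_name="", words=SAMPLE_WORDS, min_len=12):
    """Return the post's suggestions that `password` fails (empty = passes)."""
    low = password.lower()
    found = []
    if low in COMMON or (site_name and low == site_name.lower()):
        found.append("common password or site name")
    if low in words:
        found.append("dictionary word")
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        found.append("no mix of upper and lower case")
    if not any(c.isdigit() for c in password):
        found.append("no number")
    if not any(not c.isalnum() for c in password):
        found.append("no special character")
    if len(password) < min_len:  # min_len is an assumed threshold
        found.append("shorter than %d characters" % min_len)
    return found


if __name__ == "__main__":
    # Constructed sentence; "1987" and "?&%" are sample digits and symbols.
    line = "The quick brown fox jumps over the lazy dog and Runs Home"
    pw = mnemonic(line, digits="1987", symbols="?&%")
    print(pw, weaknesses(pw, site_name="rockyou"))
    print("123456", weaknesses("123456", site_name="rockyou"))
```

Taking only first letters gives mixed case only if the sentence itself contains capitalised words, which is why the sample sentence has some.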