The recent discovery of a database of stolen login credentials reveals four of the most common passwords used by consumers.
And they're very easy to guess.
A botnet called "Pony" -- a form of keylogging malware that tracks users' keystrokes -- collected 2 million usernames and passwords for accounts associated with Facebook, Twitter, Google, Yahoo, and LinkedIn, reports CNET.
What's more, security company Trustwave discovered many of the victims -- who lived in as many as 102 countries -- had some of the weakest passwords ever.
'12345' and 'Password'
So what were the most common user passwords, as revealed by the stolen-credentials database? According to CNET, they were:
- 1234, and
- The word "Password."
Believe it or not, we're being totally serious.
Though many companies -- including Facebook, LinkedIn and Twitter -- have reset infected users' passwords, users may want to take this incident as a reminder to create more secure passwords.
Stronger Password Tips
Remember, a password is only as secure as you make it. That's why you'll want to steer clear of bad examples like, say, the United States' Cold War-era "00000000" nuclear missile code. Instead, take the following password precautions:
- Create a unique password. A strong password is long and contains numbers, upper- and lowercase letters, and special characters like $, !, and @.
- Use memorable phrases. The trick is to have a password that is both unique and memorable (for your sake). Try the first letters of an idiom, poem, or song you like. As Firstpost suggests, "Jack and Jill went up the hill to fetch" can magically transform into "J&jwU2^2F."
- Increase the length. When it comes to passwords, size matters. Craft a password that is longer than eight characters.
- Use a password generator. If you're all tapped out of good password ideas, consider using a secure password generator.
- Change your password often. As annoying as changing a password is, it's a necessary evil. This is because even a strong unique password can be compromised. If possible, try to change your password every 90 days.
- Use vernacular language. If you're bilingual, take advantage of that -- but use the vernacular to thwart dictionary software used by hackers. The password "thirst" quenches your security needs as "tEsht@%22" in Bengali.
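For readers who script their own tooling, the tips above can be turned into a small checker and generator. This is an added example, not code from the article or from any of the companies it mentions; the function names, the 16-character default and the extra special characters beyond $, ! and @ are assumptions.

```python
import secrets
import string

# Weak passwords named in the article, lowercased for comparison.
KNOWN_WEAK = {"1234", "12345", "password", "00000000"}
SPECIALS = "$!@#%^&*"  # assumption: the article gives only $, ! and @ as examples
MIN_LENGTH = 9         # "longer than eight characters"


def check_password(pw):
    """Return the list of tips that pw fails (an empty list means it passes)."""
    problems = []
    if pw.lower() in KNOWN_WEAK:
        problems.append("known weak password")
    if len(pw) < MIN_LENGTH:
        problems.append("not longer than eight characters")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c.isupper() for c in pw):
        problems.append("no upper-case letter")
    if not any(c.islower() for c in pw):
        problems.append("no lower-case letter")
    if not any(c in SPECIALS for c in pw):
        problems.append("no special character")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies check_password()."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    classes = [string.ascii_uppercase, string.ascii_lowercase,
               string.digits, SPECIALS]
    alphabet = "".join(classes)
    # secrets draws from the OS CSPRNG; the random module is not suitable here.
    chars = [secrets.choice(c) for c in classes]  # one character from each class
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed classes do not always sit in the first four slots.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for sample in ("12345", "Password", "00000000", generate_password()):
        print(repr(sample), check_password(sample) or "ok")
```

A generated password is only useful if it is stored somewhere safe, such as a password manager, rather than reused across accounts.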
The time has come to move on from "12345" and "password." Get creative, people.