Except when he’s your password…
An analysis of passwords found in the 2009 breach of RockYou — 32 million accounts — finds a large number of Biblical references (“jesus”, “heaven”, “faith”, etc.), including a number of Bible verse references (“john316”).
Another too-popular choice is “jesus,” or variants like “jesus777” and “jesus143.” Collectively, more than 21,000 people in the breach used the Son of God’s name as a password, making it the 30th most common password overall, a bit behind “tigger” (No. 22) and ahead of “football” (No. 45).
The same hacker who was selling the data of more than 164 million LinkedIn users last week now claims to have 360 million emails and passwords of MySpace users, which would be one of the largest leaks of passwords ever.
The passwords were originally hashed with the SHA1 algorithm, which is known to be weak and easy to crack, and they were not salted. “Salting” makes cracking passwords exponentially harder when dealing with large numbers of passwords such as these.
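To make the effect of the missing salt concrete, here is an added example (not code from any of the posts or breaches described here) that stores the same constructed account list both ways. The account names, the helper function names and the choice of PBKDF2-HMAC-SHA256 with a 16-byte random salt for the salted variant are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not breach data); the passwords are ones this page names.
ACCOUNTS = [("user1", "123456"), ("user2", "jesus777"), ("user3", "123456"),
            ("user4", "password"), ("user5", "123456"), ("user6", "john316")]

def unsalted_sha1(password):
    """Storage scheme described above: a bare SHA-1 digest, no salt."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_record(password, salt=None, iterations=100_000):
    """Assumed alternative: per-account random salt plus a slow KDF."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def accounts_matched_per_guess(guess, unsalted_table):
    """Accounts exposed by ONE hash computation against an unsalted table."""
    target = unsalted_sha1(guess)
    return sum(1 for stored in unsalted_table.values() if stored == target)

def distinct_values(values):
    """Number of different stored values; fewer than accounts means reuse is visible."""
    return len(set(values))

if __name__ == "__main__":
    unsalted = {user: unsalted_sha1(pw) for user, pw in ACCOUNTS}
    salted = {user: salted_record(pw) for user, pw in ACCOUNTS}
    print("accounts:", len(ACCOUNTS))
    print("distinct unsalted hashes:", distinct_values(unsalted.values()))
    print("accounts hit by one guess of '123456':",
          accounts_matched_per_guess("123456", unsalted))
    print("distinct salted digests:",
          distinct_values(rec[2] for rec in salted.values()))
    print("login still verifies:", verify("123456", salted["user1"]))
```

In the unsalted table every account sharing a password shares a stored value, so a single computation settles all of them at once; with per-account salts each stored value is unique and has to be tested individually at the KDF's cost.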
Below are the top 55 passwords that LeakedSource cracked so far.
Earlier this week, passwords that were jacked from LinkedIn in 2012 were offered for sale online. What was initially thought to be a theft of 6.5 million passwords has actually turned out to be a breach of 117 million passwords. The cache of stolen accounts was hashed with the recently deprecated SHA-1 algorithm. leakedsource.com was able to get their hands on the dump; the passwords weren’t salted and were easily cracked. Below are their results.
Every year, SplashData compiles a list of the millions of stolen passwords made public throughout the last twelve months, then sorts them in order of popularity. This year the results, based on a total of over 2 million leaked passwords, are not the list of random alpha-numeric characters you might hope for. Rather, they’re a lesson in exactly how not to choose a password.
Today is now International Password Awareness Day!! If you share passwords, don’t have unique passwords between services/sites, use words that can be found in a dictionary, or have passwords that are shorter than 10 characters (extra points for the longer and more complex), GO CHANGE YOUR PASSWORDS. There are so many pieces of software out there, like KeePass, LastPass, and Password Safe, that will allow you to store your passwords. Not being able to remember your passwords is not a good enough excuse anymore.
We can fix this problem if we hold each other to higher standards!
Accounts exposed in the hack of Ashley Madison had passwords that were just as weak as the rest of the internet, according to research group CynoSure Prime, which cracked the encryption on 11.7 million of them. The top three: 123456, 12345, and password.
Here are the top 100 most common passwords found: