Wednesday, July 20, 2011

Has your password been hacked? Top 20 passwords.

The recent activity of hackers making the passwords of hundreds of thousands (possibly millions) of people public is a concern, not only because these people's accounts have been compromised, but also because of what it means for everyone else. Yes, that means you.

What it means is that if you are using a password you think is secure, it may not be. For anyone armed with a simple list of commonly used passwords, hacking into someone's account now becomes much easier.

I decided to check out a hacktivists' site and found a file which they made public with 62,000 email addresses and passwords. Yes, those using those email addresses and passwords across multiple accounts, such as Facebook and email, could have had all their accounts compromised. We know that. But what is less apparent is that these databases can now be used to try to hack into other people's accounts.

I decided to take the list of 62,000 email addresses and passwords and create a list of passwords. Visually checking the list, there is quite a bit of duplication, so the appearance of some passwords may be overstated. However, the list does give a good feel for the usage of passwords.

To help my clients, my thought was to enable you to see if your password appears in one of these databases being made available by the hackers. We know names, places and dictionary words are common lists used by hackers. But now hackers have a more targeted list based on actual usage by people. The question is, has your password been hacked? Does your password now appear in a hacker's database, making it easier for others to hack into your account?

The next thought I had was how to make the list available to others. Making a list available online for others to check sounds like a good idea, but really, who's to say I'm not a hacker trying to get a better list of passwords? I've seen a database where you can check if your email address is in the databases the hackers have released, but really, who is to say this isn't simply a site designed to collect additional email addresses? You can't be too careful.

I decided to make the list of passwords available to clients as an Excel spreadsheet. That means people download the spreadsheet and can check it on their own computer. There is thus no sharing of your information and everything is open. I had thought about a program, but again, who is to say the program isn't collecting the information you enter? A spreadsheet is a good way to share the information, and you can use Control+F (the find facility) to check for your password.
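The same local-only check can be done with a script short enough to read in full before running it. The following is an added example, not part of the original post or the spreadsheet: it makes no network calls, counts each email and password pair once so that repeated records do not overstate a password, and then looks up a password typed at the prompt. The sample records are constructed, and the function names and the case-insensitive comparison are assumptions.

```python
import getpass
from collections import Counter

# Constructed sample records in "email:password" form; not real data.
SAMPLE_DUMP = """\
alice@example.com:123456
alice@example.com:123456
bob@example.com:password
carol@example.com:123456
dave@example.com:Tigger
erin@example.com:password
erin@example.com:password
frank@example.com:dragon
line with no separator
"""


def rank_passwords(dump_text):
    """Rank passwords by use, counting each (email, password) pair once."""
    seen = set()
    counts = Counter()
    for line in dump_text.splitlines():
        # Split at the first colon only, so passwords may contain colons.
        email, sep, password = line.strip().partition(":")
        if not sep or not password:
            continue  # skip malformed or empty records
        pair = (email.lower(), password)
        if pair not in seen:  # repeated records would overstate a password
            seen.add(pair)
            counts[password] += 1
    return counts.most_common()


def check_locally(candidate, ranked):
    """Return the 1-based rank of candidate in the list, or None if absent."""
    for rank, (password, _count) in enumerate(ranked, start=1):
        # Assumption: compare case-insensitively so "Tigger" flags "tigger".
        if password.lower() == candidate.lower():
            return rank
    return None


if __name__ == "__main__":
    ranked = rank_passwords(SAMPLE_DUMP)
    # getpass reads without echoing; the value is never stored or sent.
    rank = check_locally(getpass.getpass("Password to check: "), ranked)
    print("Not on the list" if rank is None else f"On the list at rank {rank}")
```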

The following are the top 20 passwords. If you're using one of these passwords, you should change it immediately.

123456
123456789
password
romance
102030
mystery
ajcuivd289
shadow
tigger
123
bookworm
dragon
sunshine
reader
12345
purple
maggie
reading
1234
angels

The spreadsheet with the full list of passwords to enable you to check your password is available free to clients of Online Connections and Justlocal upon request.

Kelvin Eldridge
www.OnlineConnections.com.au
