RockYou Breach Uncovers Nasty Truth About Lazy Passwords

Widespread hacking attacks and unauthorized intrusions have so far failed to serve as eye-openers for many web users: a recent analysis of more than 32 million passwords has disclosed that a majority of users still choose easy-to-guess passwords.

The recent RockYou.com security howler, which was exposed last month, is the latest testimony that a huge chunk of web users still prefer “123456” as their login password for social networking and other important online accounts.

The security breach at the social media site RockYou.com involved the email addresses and site login credentials of millions of its users.

Incidentally, the hacker who infiltrated its networks has published the complete list of passwords on the internet, and a detailed analysis of these passwords produced some striking results.

The stolen passwords and data were analysed by the US-based security vendor Imperva Application Defence Centre (IADC). After “123456”, the next most common password was “12345”, followed by commonly used words such as “password” and “qwerty”.

Unfortunately, a mere 0.2 percent of the website's users - that's one in every 500 users - were found to have what could be considered strong passwords, containing a combination of symbols and alphanumeric characters.

Our Comments

The report further suggested that, using an automated “brute force” tool containing a list of the 50,000 most commonly used passwords on the web, a hacker could easily have broken the passwords of more than 1,000 accounts in just 17 minutes.
