Password security is once again in the spotlight after a recent phishing attack on Hotmail users after it was revealed that users who had seen their accounts hacked were using woefully inadequate passwords.
The most common single password in the sample of 10,000 Live ID login credentials (the system used to login to services such as Hotmail) posted on a development website was “123456”, with others such as “password” and “123456789” also common.
Of the 10,000 breached account details that were posted on PasteBin.com, “123456” was found to be the password in 64 examples, according to Neil O’Neil from digital payments firm The Logic Group. Whilst the represents just 0.64% of the overall sample, the findings represent a worrying lack of password best practice. There were 18 uses of the second most popular password, “123456789”, in the list.
Further analysis also highlighted common themes in password structure, with names and birthdays used frequently. Other examples include “ibelongtogod” and “666666”.
As many as 42% of the passwords used only lowercase letters, 19% were purely numeric and only 6% mixed up alpha-numeric and other characters, according to a separate analysis of the data by web application security firm Acunetix.
O’Neil suggested that the breach highlighted severe flaws in online password security and recommended users to think more carefully about how they protect their accounts.
“It used to be that the best security advice was to never write down your password,” he said. “Today’s advice however is to choose complex passwords, write them down and then put them in your wallet.
“You know when your wallet is lost or stolen and therefore that you need to change your passwords. Three initials from your name and postcode will do the trick and will take a hacker weeks to crack. Using an old postcode adds another layer of protection.”
The list of details has since been removed from PasteBin although some experts claim that the data is still accessible to those, such as hackers, who will be determined to access it.
