The 2013 list of worst passwords, influenced by postings from the Adobe breach, demonstrates the importance of not basing passwords on the application or website being accessed.
SplashData has announced its annual list of the 25 most common passwords found on the Internet. For the first time since SplashData began compiling its annual list, “password” has lost its title as the most common and therefore Worst Password, and two-time runner-up “123456″ took the dubious honor. “Password” fell to #2.
According to SplashData, this year’s list was influenced by the large number of passwords from Adobe users posted online by security consulting firm Stricture Consulting Group following Adobe’s well publicized security breach.
“Seeing passwords like ‘adobe123′ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” says Morgan Slain, CEO of SplashData.
SplashData’s list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords. Some other passwords in the Top Ten include “qwerty,” “abc123,” “111111,” and “iloveyou.”
“Another interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies,” Slain said. For example, new to this year’s list are simple and easily guessable passwords like “1234″ at #16, “12345″ at #20, and “000000″ at #25.
1] SplashData News – Worst Passwords of 2013
2] Stricture Group – Top 100 Adobe Passwords with Count
A hacker who calls himself Hannibal has posted thousands of alleged login email addresses and passwords of Arab Facebook users.
Emails and passwords for the social network Facebook have been published on Pastebin. Hannibal claims he has more than 30 million credentials of Arab users that he will publish regularly.
The hacker backs Israel and said, “State of Israel, not to worry, you’re in the hands of the world’s best hacker that I am. I will continue to support the government of Israel will continue to attack the Arab countries.”
In addition to the Facebook details he claims that he has possession of 10 million bank accounts and four million credit card details, which he warns he will publish if Iran continues to threaten Israel.
The most recent post said, “Unfortunately today I received an email from Mohammad Reza Rahimi [an Iranian politician] who threatens that would raise most of his men to find me and kill me. I assure you Mr. Fool, you can keep looking as you want, you will not find me even if you have a staff of 1,000 people who search for and carry out search for information about me.”
A spokesman for Facebook said, “This does not represent a hack of Facebook or anyone’s Facebook profiles. We have spent time investigating the information and have determined less than a third of the credentials were valid and almost half weren’t associated with Facebook accounts.”
“Additionally, we have built robust internal systems that validate every single login to our site, regardless if the password is correct or not, to check for malicious activity. By analysing every single login to the site we have added a layer of security that protects our users from threats both known and unknown. Beyond our engineering teams that build tools to block malicious activity, we also have a dedicated enforcement team that seeks to identify those responsible for threats and works with our legal team to ensure appropriate consequences follow.”