
1/22/2015

The 10 Most Embarrassingly Stupid Passwords of 2014 - Yahoo News India

Yahoo India/ThinkStock - Password security is a serious concern but most users don't seem to be aware of it

We know your password. Now, change it before that troll updating your Facebook timeline with things
unmentionable dies laughing.
Despite the Internet being abuzz with cautionary notices on setting strong, hack-proof passwords, most users
still choose the most embarrassingly simple phrases to protect their email and social media accounts.
Exactly how simple? Consider these: 123456. qwerty. password.


Of embarrassing interestingness is the fact that 123456 is still at the top of the list. With 12345 jumping up 17
places to No 3. Sitting tight in second place is the unassumingly sinister password. Oh yeah, and access,
football and dragon were the other cryptic words that users had dreamed up to keep their dark secrets safe
from the prying world.

The word 'password' is pictured on a computer screen

That's a fact that SplashData, the tech security company that makes the SplashID password management
application, published on its website as it does every year. How Internet users get away with this is
unfathomable, since banking websites, for instance, are known to insist on passwords that use a combination
of letters of the alphabet in uppercase and lowercase, numerals and special characters besides multiple layers
of verification.
Here are the Top 10:
1 123456
2 password
3 12345
4 12345678
5 qwerty
6 123456789
7 1234
8 baseball
9 dragon
10 football
Does any of that sound like you?
SplashData suggests the following measures to compose a crack-resistant password:
1. Use passwords of eight characters or more with mixed types of characters.
2. Avoid using the same username/password combination for multiple websites.
3. Use a password manager to organise and protect passwords, generate random passwords and
automatically log in to websites.

So what makes a strong password?


Cryptanalysts use the phrase 'password cracking' to describe the process by which passwords can be
recovered from data stored in or transmitted by a computer system. The most common approach is a brute-force
attack -- in which a computer tries every possible combination repeatedly to guess the password based
on patterns. Obviously, our top 10 (or even SplashData's list of top 25) wouldn't stand a glimmer of a chance.
It is understood that the strongest of passwords (a user-selected eight-character password of numerals,
mixed case and symbols) takes about 16 minutes to crack.
For instance, the easier your password is to remember, the easier it is to guess. Attackers know the exact
tricks that you use. Substituting letters for numbers is a common trick, and most attackers won't even need a
computer program to resolve that. The same goes for typing a password with letters from one keyboard row
higher.
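
The check below is an added example, not part of the original article or of SplashData's tooling: a sign-up filter that rejects a password when undoing the two tricks described above (look-alike substitution and typing one keyboard row higher) lands on the article's top 10 list. The substitution map, the two-class threshold for "mixed types" and the function names are assumptions made for illustration.

```python
import string

# The article's top 10 list (SplashData, 2014).
COMMON = {"123456", "password", "12345", "12345678", "qwerty",
          "123456789", "1234", "baseball", "dragon", "football"}

# Constructed, non-exhaustive map of look-alike characters back to letters.
LEET = str.maketrans("013457@$!", "oleastasi")

# QWERTY rows, top to bottom. A key typed "one row higher" maps back to the
# key directly below it; keys with nothing below are left unchanged.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
ROW_DOWN = {ord(up): down
            for upper, lower in zip(ROWS, ROWS[1:])
            for up, down in zip(upper, lower)}


def variants(password):
    """The password as typed, with substitutions undone, and shifted back a row."""
    base = password.lower()
    return {base, base.translate(LEET), base.translate(ROW_DOWN)}


def char_classes(password):
    """Count how many of lower/upper/digit/punctuation appear."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in password) for t in tests)


def problems(password):
    """Return a list of findings; an empty list means no finding."""
    found = []
    if len(password) < 8:
        found.append("shorter than eight characters")
    if char_classes(password) < 2:  # assumed reading of "mixed types"
        found.append("only one type of character")
    hit = variants(password) & COMMON
    if hit:
        found.append("variant of common password: " + sorted(hit)[0])
    return found


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("P4ssw0rd", "0qww294e", "football", "T7#mWq9!vLx2"):
        print(pw, "->", problems(pw) or "no findings")
```

Both `P4ssw0rd` and `0qww294e` satisfy the length and mixed-character rules yet reduce to `password`, which is why a deny-list check has to run on the normalised forms as well as the raw input.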
Are passwords the final frontier?
Think of a phrase (not a common phrase) and substitute each first letter with a numeral for a password. Or
mix them up. Devise a personal algorithm -- basically, a set of rules that only you can decode.
Email services such as Yahoo Mail and Gmail insist on higher levels of security. Gmail, for instance, allows
you to verify your account with a random authentication code generated by an app running on your mobile
device or phone. This is an additional level of security after you enter your password. If you are likely to use
your email without access to your phone, you can print and save a list of random numeric codes to log you in.
However, if you run a personal website or blog whose security you care about, it is recommended that you
use an identity verification system that doesn't rely on alphanumeric passwords. WordPress plugins such
as WordFence Security lock out users after three unsuccessful login attempts, or restrict access to users
accessing your site from servers with particular domain names.
Captcha -- an acronym for Completely Automated Public Turing test to tell Computers and Humans Apart -- is
a challenge-response computing test where random images with cryptic but legible characters are shown
to users, which they are required to key in correctly. Unsuccessful attempts lock them out, and though
Captchas provide audio support to visually impaired users, it has been known to be an irritant to impatient
users.
Clef, which describes itself as a "two-factor authentication system from the future", uses secure biometrics --
the user's fingerprint -- to log them in from their phones, followed by displaying a wave form or suchlike
cryptic pattern that has to be synced with a similar pattern on the site's login panel via the user's phone
camera.
Just to reiterate, if your password is 'password', it isn't a password.
