There should be some kind of class on what constitutes a strong password, because people still aren’t getting it.
The Straits Times out of Singapore is naming and shaming some of the worst and easiest-to-predict passwords, and it’s embarrassing how obvious some of the winners are.
Topping the list for 2015: 123456; password; 12345678; qwerty; 12345; and 123456789.
The list was published just a week after a former administrative assistant admitted in court to cracking the passwords of 300 members of SingPass, a service of the Singaporean government, and selling those details to a China-based syndicate with the intention of using that data to create fake Singapore visa applications. The accused, James Sim Guan Liang, 39, reportedly realized people were using their account numbers as their passwords or, instead, using their username for both items. Or, in some cases, he was able to figure out their security information by scouring social media posts.
“Sometimes the answers to security questions for resetting passwords can easily be retrieved from an individual’s personal data,” Vicky Ray, a threat intelligence analyst from Palo Alto Networks, told The Straits Times. “This could be responses to questions like: Where did one go to school? Such information can easily be retrieved from LinkedIn or Facebook.”
The worst and most easily hacked passwords in 2015, according to Splash Data, are as follows:
“With common, widely available cyber security tools, the average six-character, all-lowercase password takes less than 10 minutes to be cracked,” Mr David Siah, country general manager of security software firm Trend Micro Singapore, told The Straits Times. “Adding just one capital letter and an asterisk increases the cracking time for an eight-letter password from 2.4 days to 2.1 centuries.”
Ray also provided a list of mistakes people make in choosing a password:
1. Using personal information that can be found on social media or commonly used words as passwords.
2. Not using complex passwords that include a combination of lowercase letters, uppercase letters, digits and symbols.
3. Using short passwords that are fewer than nine characters in length.
4. Using one password for multiple websites or accounts.
5. Not changing passwords regularly.
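As an added illustration (not from the article or any vendor quoted in it), the first three mistakes can be checked at the moment a password is chosen; reuse and password age need account history and are left out. The function name, the `personal_items` parameter and the sample values are assumptions made for this sketch.

```python
import re

# The six passwords the article lists as topping the 2015 ranking.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "12345", "123456789"}
MIN_LENGTH = 9  # the article treats fewer than nine characters as short
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
PADDING = "0123456789!@#$%^&*?._-"  # digits/symbols often bolted onto a weak base


def _normalize(text):
    """Lowercase and drop punctuation so 'J.Tan-1985' compares equal to 'jtan1985'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def password_mistakes(password, personal_items=()):
    """Return which of the listed mistakes (items 1 to 3) a candidate password makes.

    personal_items is a hypothetical caller-supplied list of strings an outsider
    could learn: username, account number, school name and so on.
    """
    findings = []
    lowered = password.lower()

    # Mistake 1a: a known-bad password, also when padded with digits or symbols.
    if lowered in COMMON_PASSWORDS or lowered.strip(PADDING) in COMMON_PASSWORDS:
        findings.append("common password")

    # Mistake 1b: username, account number or other personal data inside it.
    flat = _normalize(password)
    for item in personal_items:
        needle = _normalize(item)
        if len(needle) >= 3 and needle in flat:
            findings.append("contains personal information")
            break

    # Mistake 2: one or more of the four character classes is missing.
    if not all(re.search(pattern, password) for pattern in CHAR_CLASSES):
        findings.append("missing character class")

    # Mistake 3: shorter than nine characters.
    if len(password) < MIN_LENGTH:
        findings.append("shorter than nine characters")

    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    known = ["jtan1985", "S1234567A"]
    for candidate in ("123456", "jtan1985", "Password1!", "Vq7#mTz!p2Lw"):
        print(candidate, password_mistakes(candidate, known))
```

Note that "Password1!" satisfies the length and complexity items yet is still flagged, because its base is one of the listed passwords.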