Hacking - easy as abc123

BY JULIA TALEVSKI
Last updated 05:00 23/01/2010


You may be leaving the door to your online accounts wide open.

An analysis of tens of millions of leaked passwords reveals the most common are basic number strings such as "123456" and obvious keywords including "password" and "abc123".

Data security provider Imperva, which analysed the passwords in a new report, says such laziness is often equivalent to having no locks on the account at all, as simple passwords are easily broken using "brute force" techniques.

The report, Consumer Password Worst Practices, analysed 32 million passwords that were exposed in a Rockyou.com breach in December.

Not only did the analysis expose commonly used passwords, but its findings also resembled those of a 1990 Unix study, which showed a pattern of password selection similar to what consumers use today.

The company estimates that putting minimal effort into a password means that a hacker can access a new account every second, or 1000 accounts every 17 minutes.

Brian Contos, chief security strategist at Imperva, says the scary part is that most people use the same inadequate password to access everything, such as their Facebook account, email and online banking.

"Ideally you should have various passwords for everything, but it can be difficult for people to remember them," Contos says.

At a minimum, users should have two sets of passwords, particularly when it comes to accessing sensitive data such as online banking, Contos advises.

The shortness and simplicity of passwords mean many users select credentials that make them susceptible to basic forms of cyber attack known as "brute force attacks."

For companies, password insecurity can have serious consequences. Employees who use the same password on Facebook and in the workplace create the possibility of the company's system being compromised, especially if the password is as easy to crack as '123456'.

"The report gives us a good sense of how people select passwords and that a lot of organisations are not using encryption to secure password information," Contos said.

"It's a wake up call. At no point in our history has so much of our information been digitised. So much of the data is sensitive, and the threat is extreme."

Top 20 most commonly used passwords and the number of users with each

1. 123456 (290,731)

2. 12345 (79,078)

3. 123456789 (76,790)

4. Password (61,958)

5. iloveyou (51,622)

6. princess (35,231)

7. rockyou (22,588)

8. 1234567 (21,726)

9. 12345678 (20,553)

10. abc123 (17,542)

11. Nicole (17,168)

12. Daniel (16,409)

13. babygirl (16,094)

14. monkey (15,294)

15. Jessica (15,162)

16. Lovely (14,950)

17. michael (14,898)

18. Ashley (14,329)

19. 654321 (13,984)

20. Qwerty (13,856)
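
As an added illustration (not part of the original article or of Imperva's report), the Python sketch below shows a sign-up check that refuses the passwords in the list above and other simple digit runs, and works out what share of the 32 million exposed passwords those 20 entries account for. The function names and the eight-character minimum are assumptions made for the example.

```python
# Added example: the counts are the Top 20 figures listed above; all names are hypothetical.
TOP20 = {
    "123456": 290731, "12345": 79078, "123456789": 76790, "Password": 61958,
    "iloveyou": 51622, "princess": 35231, "rockyou": 22588, "1234567": 21726,
    "12345678": 20553, "abc123": 17542, "Nicole": 17168, "Daniel": 16409,
    "babygirl": 16094, "monkey": 15294, "Jessica": 15162, "Lovely": 14950,
    "michael": 14898, "Ashley": 14329, "654321": 13984, "Qwerty": 13856,
}
BREACH_SIZE = 32_000_000  # passwords analysed, as stated in the article

# Compare case-insensitively so "PASSWORD" and "qwerty" are caught too.
_BLOCKLIST = {p.casefold() for p in TOP20}


def is_sequential_digits(pw):
    """True for digit runs such as 12345 or 654321 (every step is +1, or every step is -1)."""
    if len(pw) < 2 or not (pw.isascii() and pw.isdigit()):
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def rejection_reason(candidate, min_length=8):
    """Return why a new password should be refused, or None if it passes.

    min_length=8 is an assumed policy value, not a figure from the article.
    """
    pw = candidate.strip()  # normalised for comparison only
    if pw.casefold() in _BLOCKLIST:
        return "on the common-password list"
    if is_sequential_digits(pw):
        return "sequential digits"
    if len(pw) < min_length:
        return "too short"
    return None


def top_n_coverage(n):
    """Fraction of the analysed passwords accounted for by the n most common entries."""
    counts = sorted(TOP20.values(), reverse=True)[:n]
    return sum(counts) / BREACH_SIZE


if __name__ == "__main__":
    for sample in ["PASSWORD", "987654321", "t7#Kp", "correct horse battery"]:
        print(repr(sample), "->", rejection_reason(sample))
    print("Top 20 share of accounts: {:.2%}".format(top_n_coverage(20)))
```

Refusing just these 20 entries at sign-up would have forced roughly one in 40 of the exposed accounts to pick something else.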

- © Fairfax NZ News
