“123456” is not enough for computer security


Following malicious hacks and the subsequent publication of “The Mother of all Password Dumps” containing more than 226 million unique e-mail addresses and passwords, several security companies wondered again about the naivety of humankind, the recklessness of digital natives and the incapability of human brains to memorize passwords.

Indeed, the passwords most prevalent in this and other similar dumps were far too easily guessable:

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 12345678
  6. 111111
  7. 123123
  8. 12345
  9. 1234567890
  10. senha

Blame the users!

But it is not that simple. Unfortunately, internauts using today’s World Wide Web are asked at every corner to register, even to access the most trivial things: newsletters, downloads of free software, etc. Before you can read a news article or launch a download, the website asks you to provide a username, e-mail address and password, even if you won’t come back a second time. Those passwords are just simple handles, tokens, with no real protective purpose; they exist purely for the sake of registration. For those cases, the simplistic passwords above are perfectly fine as there is nothing valuable to protect. You might even type some random letters as a password and forget about it, taking advantage of the “reset my password” procedure should you ever come back.


Source: “Computer Security: When ‘123456’ is insufficient”, The Computer Security Team, CERN News