Skip to main content

'123456' giving tough competition to 'password' in Worst 25 Passwords of 2013


123456, password, 12345678, qwerty… or abc123, How many of you have your password one of these??? I think quite a many of you.

Even after countless warnings and advices given to the users by many security researchers, people are continuously using a weak strength of password chains.

After observing many cyber attacks in 2013, we have seen many incidents where an attacker can predict or brute-force your passwords very easily.

From 2012, the only change till now is that the string “password” has shifted to the second place in a list of the most commonly used passphrases and string “123456” has taken the first place recently, according to an annual "Worst Passwords" report released bySplashData, a password management software company

They announced the annual list of 25 most common passwords i.e. Obviously the worst password that found on the Internet. The Most common lists of the passwords this year are "qwerty," "abc123," "111111," and "iloveyou", which are really easily guessable.

"Another interesting aspect of this year's list is that most short numerical passwords showed up even though websites are starting to enforce stronger password policies," says Morgan Slain, CEO of SplashData.

Below are the worst passwords list of 2013 with Rank and showing the comparison of it from 2012:
List of Worst Passwords 
If you are also using one of these passwords or other dictionary words, then you are advised to change it as soon as possible. We further advise you to use different passwords for different accounts, as if one of your account gets hacked, you’ll be totally ruined.

The above list of passwords was compiled from data dumps of stolen passwords posted online, and the firm says it was especially influenced by the millions of Adobe accounts that were compromised in the fall.

Fact & figure
Stricture Consulting Group attempted to decrypt the leaked Adobe passwords and released an estimate that almost 2 million of the more than 130 million users affected by the breach appeared to be using "123456" as a password.

Now when you talk about various security measures to protect your privacy and data, installing an Antivirus doesn’t mean that here your work gets over and you are safe enough. “God helps those who help themselves” likewise nobody can secure your privacy unless and until you yourself not willing to.

Here I have listed some useful tips to make your password strength secure and easier to remember:
  • Use a combination of lowercase, uppercase, numbers, and special characters of 8 characters long or more like s9%w^8@t$i
  • Use short passphrases with special characters separating to make it difficult for crackers and could be easily remembered like cry%like@me (cry like me)
  • Avoid using the same combination of passwords for different websites
  • If it is difficult for you to remember different passwords for different websites and accounts than try using Password manager applications like RoboForm, 1Password, LastPass.
STAY SECURE, STAY SAFE!

Comments

Popular posts from this blog

Facebook Web Security Bug Bounty: Directory Traversal Vulnerability / RCE In Parse.com

http://parse.com   directory traversal vulnerability Little Insight: http://parse.com  was vulnerable to a directory traversal / RCE vulnerability. As a result, it was possible for an attacker to load web server-readable files from the local filesystem. or Run commend on That Well this is my 4th reward form facebook  Directory Traversal or RCE Vulnerability  That  give me 5th position in Facebook white-hat Page Report Date :23  July 2014 Reward For Directory Traversal or RCE Vulnerability :  20000$ How This work......? As we discussed earlier on my old post  Flowdock Directory Traversal Vulnerability exposed files outside of Rails’ view paths. '%5C' turns into '\' after decoding. Using Rack::Protection    it only rejects '/../' segments in the request path.   patch apply for Rack::Protection acording CVE-2014-0130  and  also Reject now '%5C' turns into '\' af...

HC WeB : A Browser for HACKERS...

A Browser for HACKERS... Try for Free... Download HC WeB Setup Gallery: Online Penetration Testing Tools Index Information Gathering Whois DNS Location Info Enumeration and Fingerprint Data Mining Search Engines Editors Online Text Editors Share Text Snippets Network Utilities Ping HTTP HTTPS VNC Remote Desktop SSH DNS Sniffers Misc Forensics Frameworks URL Cloaking E-mail Password Cracking Encoders and Decoders Encoders Decoders Malwares Malware Analysis Identify Malicious Websites Suspected Malicious IPs and URLs Application Auditing SQL Injection Cross Site Scripting File Inclusion Anonymity Proxy Others Hackery Open Penetration Testing Bookmarks Collection Hacker Media Blogs, Forums, Magazines and Videos. Methodologies Penetration testing frameworks, standards and methodologies. OSINT Presentations, People, Organizations and Infrastructure.  Exploits an...

Confirmed: Angry Birds website hacked by Anti-NSA Hacker

Syrian Electronic Army yesterday posted a tweet saying that one of its friend with handle "Anti-NSA" hacker defaced the Angry website. At the time, we were not able to confirm the defacement.  No one was reported to have seen the hack.  Even the Zone-h mirror didn't confirm the defacement, displayed a message "The mirror is onhold and has not been verified yet". So, we didn't have strong proof to report the hack.  Today,  Rovio, creator of angry birds, confirmed that the defacement was there for few minutes and corrected immediately.  Now, the Zone-h record also confirmed it. Antti Tikkanen, Director of Security Response at F-Secure Labs, said in twitter that the attack is actually 'DNS Hijack attack'. He mentioned that the website itself not touched by the hacker; hacker managed to modify the DNS records. He also said that the angrybirds website pointed to some IP address(31.170.165.141) assoicated with Lithuania for at least one hour.  The same ...