In a recent hack attack, Twitter had 33 million user login credentials stolen. This is unfortunate, but not surprising; incidents like this routinely make the headlines. What is surprising is what this hack reveals about people’s poor password security habits.
An analysis of the millions of stolen credentials by security company LeakedSource shows a troubling practice: the most-used passwords are also super easy to guess. In fact, the number one password (connected to more than 120,000 accounts) is “12345.”
Fans of the 1987 Mel Brooks film Spaceballs can see the irony here. In one of the movie’s most quoted scenes, the evil-yet-lovable Dark Helmet is blackmailing King Roland to turn over the password protecting Druidia’s precious atmosphere. Eventually, King Roland caves and reveals the super-secret, super-important password to be, you guessed it, “12345.”
To which Dark Helmet replies, “That's the stupidest combination I've ever heard in my life! That's the kind of thing an idiot would have on his luggage!”
The report from LeakedSource goes on to reveal that the other most-used passwords are also ridiculously easy to guess: “123456789,” “qwerty,” and “password.”
The fact that Spaceballs came out almost 30 years ago is evidence that using overly simple passwords has been a problem for quite a while, and, as long as there are passwords, this will continue to be a major issue. Fortunately, the solution is stupidly simple: make sure to use complex passwords with random characters.
However, using complex passwords is only part of the security equation. For websites and services offering two-factor authentication, like Twitter, you’ll want to take advantage of it. This way, even if a hacker makes off with your super-complex password, they’ll still need access to your email account or smartphone in order to log in.
One additional password blunder that’s all too common and easy to avoid is using the same password for multiple accounts. In a major hacking situation like the one Twitter experienced, even a novice hacker could connect the dots and use the stolen password to try to log in to different accounts belonging to the victim.
What kind of a King Roland-like idiot would use the same, super-simple password across multiple online accounts? Well, Facebook’s CEO Mark Zuckerberg for one.
On June 6th, Mark Zuckerberg lost control of his Twitter and Pinterest accounts after a hacker used the same password to access both of them. The super-complex password that stood between a hacker and the King of Social Media? “dadada.” Admittedly, this is a step up from “12345,” but not by much.
To make matters worse, Zuckerberg had used this password before. This highlights yet another best practice when it comes to password security: be sure to routinely change your password, and when you change it, make sure not to use a password that you’ve used before.
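The password-change checks described above, as an added example (not code from the original post): it rejects the passwords the article names and any password already in an account's history, which is stored only as salted hashes. The function names, the 12-character minimum and the PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os

# Passwords the article names as most-used or reused.
COMMON_PASSWORDS = {"12345", "123456789", "qwerty", "password", "dadada"}
PBKDF2_ROUNDS = 100_000  # assumed work factor; tune for your hardware
MIN_LENGTH = 12          # assumed minimum; the article gives no number


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never stores plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def was_used_before(password, history):
    """Re-hash the candidate with each stored salt; compare in constant time."""
    return any(
        hmac.compare_digest(hash_password(password, salt)[1], digest)
        for salt, digest in history
    )


def check_new_password(password, history):
    """Return the reasons to reject the password (empty list means accept)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if was_used_before(password, history):
        problems.append("reused")
    return problems


def change_password(password, history):
    """Record the new hash in the history only if every check passes."""
    problems = check_new_password(password, history)
    if not problems:
        history.append(hash_password(password))
    return problems
```

A single site can only check reuse against its own history; reuse across different services, as in the Zuckerberg case, is something only the user or a password manager can prevent.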
Being smart about your passwords will go a long way in protecting your online identity. For your business, it’s wise to take as many security precautions as possible in order to protect your network from hackers looking to steal your company’s sensitive information. To learn more about how Bevlin can keep you safe, call us at 781-679-0172.