Security 8.06.2012

Worst passwords you can use

Reports recently surfaced that 6.4 million LinkedIn passwords were stolen. LinkedIn confirmed that some of their members’ passwords were compromised, and asked the affected members to change their passwords.

The LinkedIn password hacking news emerged after a file containing 6.5 million unique hashed passwords was posted on an online forum.

According to reports, around 200,000 of these passwords had already been cracked, which means that the hackers had access to the plain text passwords, which could be used to access the members’ accounts.

A site called LeakedIn.org was set up where users can check whether their LinkedIn passwords are part of the list of compromised passwords. The service creates a SHA-1 hash of an entered password, and then checks it against the hashed password list to see if the password was leaked (or even cracked).

One of the negative effects of the LinkedIn security breach, explains web expert Chris Shiflett, is that the growing list of hundreds of thousands of cracked passwords will be used to seed rainbow tables that can be used to crack future password leaks in SHA-1 hash format.

Because it is very difficult to reverse a SHA-1 hash, but very easy to check whether a certain password corresponds to a SHA-1 hash (and can hence be used to access an account), it is important to select a strong password.
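The lookup described above for LeakedIn.org, written out as an added example (this is not the site's own code): hash the candidate password with SHA-1 and look the digest up in the leaked list. The leak set below is constructed sample data, and the convention that already-cracked entries have their first five hex digits replaced by zeros is an assumption about the dump format, not something this article states.

```python
import hashlib

def sha1_hex(password: str) -> str:
    """Unsalted SHA-1 of the password, as 40 lowercase hex digits."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()

def mark_cracked(digest: str) -> str:
    """Assumed dump convention: cracked entries start with five zeros."""
    return "00000" + digest[5:]

# Constructed sample leak (not real data): one entry that is only leaked,
# two that are also marked as cracked.
SAMPLE_LEAK = {
    sha1_hex("sunshine"),
    mark_cracked(sha1_hex("password")),
    mark_cracked(sha1_hex("trustno1")),
}

def check_password(password: str, leak: set) -> str:
    """Return 'cracked', 'leaked' or 'not found' for one candidate."""
    digest = sha1_hex(password)
    # A digest that naturally begins with 00000 cannot be told apart from
    # a marked one, so it is reported as the worse case, 'cracked'.
    if mark_cracked(digest) in leak:
        return "cracked"
    if digest in leak:
        return "leaked"
    return "not found"

def audit(candidates, leak: set) -> dict:
    """Check several candidate passwords in one pass."""
    return {pw: check_password(pw, leak) for pw in candidates}

if __name__ == "__main__":
    for pw, status in audit(["password", "sunshine", "eat cake at 8!"],
                            SAMPLE_LEAK).items():
        print(f"{pw!r}: {status}")
```

Each check costs a single hash computation and a set lookup, which is why any password that appears in a word list is found quickly once an unsalted SHA-1 dump is public.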

You must make sure that your password is unlikely to appear in any password list or dictionary, and is also difficult to guess with a brute-force attack.

A good starting point is to make sure your password is not among the list of most used (and hence worst) passwords.

SplashData, a provider of password management applications, provided a list of the “25 Worst Passwords of 2011”.

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

SplashData suggests making passwords more secure with these tips:

  • Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
  • Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online e-mail, social networking, and financial services. Use different passwords for each new website or service you sign up for.
  • Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.
