Internet Password Security
By Cloud Direct • 21 Jan 2010
I read an article in the Telegraph recently that talked about the most commonly used internet passwords. The story was based around research conducted by data security firm, Imperva, who did an analysis of around 32 million passwords that were recently exposed during a hack on social networking website, RockYou.
The data was exposed after a hacker breached the site’s company database and gained access to 32 million unencrypted username and password details. Revealed below are the ten most popular account passwords chosen by RockYou users:
The results are hardly surprising. Most of them are highly unoriginal and stupidly simple – which is why they’re in the top ten!
RockYou is a photo-sharing, social-networking website. Community members can play games and integrate with other websites like Facebook, MySpace and Bebo and as such, this incident is not particularly devastating. However, while the majority of RockYou users are children and teenagers (or at least you would hope so), is does raise eyebrows surrounding attitudes to online security by young people.
Information security company, RSA, recently conducted a global survey that showed those aged between 16 and 24 were those at ‘most risk’ from online fraud. The research implies that younger generations are more likely to ‘conduct more of their lives online’ – regularly participating in activities such as shopping, networking and banking. With so many different logins and passwords needed to access various applications and services it’s natural that many will have generic passwords for easy and quick access.
It is of course unfair to single out Generation Y for carelessness. I, myself, have been found guilty in the past for having only one or two passwords that I used to access a multitude of services (and I even got those mixed up). Thousands of people suffer from online fraud every year because their email password is the same as their Amazon password is the same as their banking password. Cases like this only serve to make me, and others, more aware.
Relating this back to information security in business - you really shouldn’t let employees choose their own passwords.
Share this post