The most popular passwords from 2013
If there's one "benefit" to countless databases containing encrypted passwords being compromised, it's that we can do some pretty neat analysis on what the most popular passwords that we use are. Is your password on the list up above? If so, you should probably change it. ;)
This also brings up a really interesting point: do you use some sort of password management application such as 1Password, LastPass, Apple's built-in keychain, or something else? It's something I've been a huge supporter of and have tried to convince many friends and family to use. The benefit is that you can easily generate site-specific passwords that are basically a random string (e.g., "gViU2mO0rXo"). Your password management app remembers this for you and all you need to do is enter a master password to unlock it and log in (of course if your master password is compromised, you're screwed).
Interestingly enough, I've also started using a password manager for security questions on websites. The questions and answers are often stored in plaintext and are easy enough to scrape if a database is compromised. It takes some extra work, but it's some nice peace of mind!
Interestingly enough, I once had to cancel an account with some credit check website and they required me to call in. To verify my identity, they asked for my mother's maiden name, which for this website I had listed as "Who-Da-Pew-Chili." The nice lady was like, "Wow, that's a unique name..." But hey, it matched what I entered when I signed up with them! (The nice folks behind 1Password actually break this down: blog.agilebits.com/2012/08/11/blizzard-and-insecur...)
I try and use 2-step authentication though whenever I can, as long as they are willing to send me an SMS for it (i.e., not app-based). That way I can feel a bit safer even if my passwords are compromised.
Also I keep the backup codes printed out and hidden somewhere, so if all technology fails me, I can still get in.
For example, we got a lot of data like this from the Gawker attack a while back, and we saw some of the same stuff. In that case, people were often just going through the account creation as a formality so they could get in and write a comment. They could care less if their account was hacked.
I'm willing to wager that an extremely small number of the people using the passwords in this list are also using them for things like online banking or their Amazon account.
I often feel the same way about these types of sites, but I still use LastPass for everything because it's just easier. LastPass (and these other password managers) are one of the first times where being more secure is actually easier. I don't know my password for any services I use, and I never have to enter anything but my LastPass password whenever I log into anything on my computer or my phone. It's so much better than storing things in the web browser.
P.S. I'm not saying that all of the hacked sites are low-priority sites, but I think it represents most of these common passwords. Even with Adobe, that includes a lot of people who are just creating accounts to post on their forums and have never bought any software from them.