1.9 Million of you use 123456 as a Password and it has to stop

We found this recent post by our partners at Firestorm eye-opening:

What’s this all about?  Adobe was recently hacked and about 150 million people’s account details have been leaked.

From News.Softpedia: “Cybercriminals have managed to steal over 130 million encrypted passwords after hacking Adobe’s systems. However, since the company did a poor job of encrypting them, security experts have already managed to crack most of them.”

That’s because Adobe used the Triple DES (3DES) hashing algorithm in ECB mode to encrypt the password. This type of encryption provides some clues to what the passcode might be.

This, combined with the fact that Adobe’s database also contained password hints, made it trivial for experts to crack them.

Stricture Consulting Group has published a list of the 100 most common passwords used by the Adobe customers whose details were stolen by cybercriminals.

Unsurprisingly, the most common password is “123456,” used by 1,911,938 people. “123456” is followed by “123456789,” a passcode set by 446,162 individuals.

The top ten also includes “password,” “adobe123,” “12345678,” “qwerty,” “1234567,” “111111,” “photoshop” and “123123.””
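Why ECB-mode encryption under one site-wide key "provides some clues", shown as an added example (not code from Softpedia, Firestorm or Adobe): every account with the same password stores the same value, so one revealing hint exposes the whole group, and the block count and shared 8-byte blocks leak as well. The accounts, hints and key are constructed, and a truncated HMAC stands in for 3DES-ECB because Python's standard library has no 3DES; salted PBKDF2 is the contrasting storage scheme.

```python
import hashlib
import hmac
import os
from collections import defaultdict

BLOCK = 8  # 3DES block size in bytes

def ecb_like(key: bytes, password: str) -> bytes:
    """Stand-in for 3DES-ECB (assumption: stdlib has no 3DES). Each padded
    8-byte block is mapped independently under one site-wide key, so equal
    blocks give equal output. One-way; it only models that property."""
    data = password.encode()
    pad = BLOCK - len(data) % BLOCK
    data += bytes([pad]) * pad
    return b"".join(hmac.new(key, data[i:i + BLOCK], hashlib.sha256).digest()[:BLOCK]
                    for i in range(0, len(data), BLOCK))

def salted_hash(password: str) -> bytes:
    """Hardened storage: per-user random salt plus a slow one-way KDF."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def shared_values(rows):
    """Map each stored value held by more than one account to its pooled hints."""
    groups = defaultdict(list)
    for _user, stored, hint in rows:
        groups[stored].append(hint)
    return {v: hints for v, hints in groups.items() if len(hints) > 1}

# Constructed sample accounts: (user, password, hint)
ACCOUNTS = [
    ("a@example.com", "123456", "one to six"),
    ("b@example.com", "123456", "numbers in order"),
    ("c@example.com", "photoshop", "the product"),
    ("d@example.com", "123456", "half a dozen digits"),
    ("e@example.com", "123456789", "one to nine"),
]
KEY = b"constructed-demo-key"

ecb_table = [(u, ecb_like(KEY, p), h) for u, p, h in ACCOUNTS]
salted_table = [(u, salted_hash(p), h) for u, p, h in ACCOUNTS]

if __name__ == "__main__":
    for value, hints in shared_values(ecb_table).items():
        print(value.hex(), len(hints), "accounts, hints:", hints)
    print("shared values with salted KDF:", len(shared_values(salted_table)))
    # Block-level leak: "12345678" and "123456789" share their first block
    print(ecb_like(KEY, "12345678")[:BLOCK] == ecb_like(KEY, "123456789")[:BLOCK])
```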

First thing you need to do? Go to http://adobe.cynic.al/ and check to see if your email is on the list. Change your Adobe password immediately, and please use a complex password.

Considering Passphrases as opposed to Passwords

From technet.microsoft.com:

The key differences between pass phrases and passwords are:

(1) A pass phrase usually has spaces; passwords don’t

(2) A pass phrase is much longer than the vast majority of words, and, more important, longer than any random string of letters that an ordinary person could remember.

Although a pass phrase could simply be considered a very long password, typically it is constructed of a sequence of words, or something similar to words.

Second, you need to understand the difference between password guessing and password cracking. Password guessing is when someone sits at the console or at a remote machine trying passwords. Guessing is not relevant to this article, because if an account has a relatively complex password, guessing will not succeed anyway. If guessing succeeds, the cause is either incredible luck on the part of the attacker, or a weak password.

Strong Passwords and Passphrases

From Microsoft Security: A strong password is an important protection to help you have safer online transactions. Here are some steps to create a strong password. Consider using some or all to help protect yourself online:

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variation. Change your passwords often. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.
  • Variety. Don’t use the same password for everything. Cyber criminals can steal passwords from websites that have poor security, and then use those same passwords to target more secure environments, such as banking websites.

There are many ways to create a long, complex password. Here are some suggestions that might help you remember it easily:

| What to do | Example |
| --- | --- |
| Start with a sentence or two. | Complex passwords are safer. |
| Remove the spaces between the words in the sentence. | Complexpasswordsaresafer. |
| Turn words into shorthand or intentionally misspell a word. | ComplekspasswordsRsafer. |
| Add length with numbers. Put numbers that are meaningful to you after the sentence. | ComplekspasswordsRsafer2013. |

More strategies for strong passwords

Test your password with a password checker

A password checker evaluates your password’s strength automatically. Try Microsoft’s password checker.

Characteristics/Examples of Weak/Bad Passwords/Passphrases

  • Do we have to say 123456?
  • Your name in any form – first, middle, last, maiden, spelled backwards, nickname or initials
  • Your user ID or your user ID spelled backwards
  • Part of your user ID or name
  • Any common name, such as Joe
  • The name of a close relative, friend or pet
  • Your phone number, office number or address
  • Your birthday or anniversary date
  • Simple variants of names or words (even foreign words), simple patterns, famous equations or well-known values
  • Your license plate number, your social security number or any all-numeral password
  • Names from popular culture (e.g.: Beatles, Spiderman, etc.)
  • Any password that is offered forth as an example
  • ILoveYou
  • Permutations of the username
  • Family or pet birth dates
  • Family or pet names or acronyms built from them
  • Hobbies or activities
  • Work or school-related information or work/school acquaintances
  • Names of places visited or worked
  • Important numbers such as social security, phone or account numbers
  • Common words from dictionaries including foreign language
  • Common dictionary word permutations
  • Names or types of favorite objects
  • All digits or all the same letter or letter sequences found on keyboards
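A checker for the items in the list above that can be tested mechanically, as an added example (not Microsoft's password checker or any code from this post). The function name, the `personal` parameter and the four-character keyboard-run threshold are assumptions; the top-ten set is the one quoted from the Adobe list earlier on this page.

```python
import re

# Top-ten values quoted earlier on this page
TOP_TEN = {"123456", "123456789", "password", "adobe123", "12345678",
           "qwerty", "1234567", "111111", "photoshop", "123123"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Every 4-character run along a keyboard row, in both directions (assumed threshold)
KEY_RUNS = {s[i:i + 4] for row in KEYBOARD_ROWS for s in (row, row[::-1])
            for i in range(len(row) - 3)}

def weak_reasons(password: str, user_id: str = "", personal: tuple = ()) -> list:
    """Return which weak-password characteristics a candidate matches.
    `personal` holds names, dates or numbers the caller knows about the user."""
    reasons = []
    p = password.lower()
    squashed = re.sub(r"\W", "", p)  # ignore separators such as '-' or '/'
    if p in TOP_TEN:
        reasons.append("top-ten breached password")
    if password.isdigit():
        reasons.append("all numerals")
    if len(set(p)) == 1:
        reasons.append("single repeated character")
    uid = user_id.lower()
    if len(uid) >= 3 and (uid in p or uid[::-1] in p):
        reasons.append("contains user ID (forwards or backwards)")
    for item in personal:
        token = re.sub(r"\W", "", item.lower())
        if len(token) >= 3 and token in squashed:
            reasons.append(f"contains personal detail: {item}")
    if any(p[i:i + 4] in KEY_RUNS for i in range(len(p) - 3)):
        reasons.append("keyboard sequence")
    return reasons

if __name__ == "__main__":
    # Constructed candidates
    for pw, uid, info in [("123456", "", ()), ("nosnhoj!9", "johnson", ()),
                          ("Rex-2009", "", ("Rex", "20/09/2009")),
                          ("vT7#qLm2xW9$", "", ())]:
        print(repr(pw), "->", weak_reasons(pw, uid, info) or "no listed weakness")
```

An empty result only means none of these mechanical checks fired; dictionary words, hobbies and place names from the list still need a wordlist or human judgment.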

What Next?

Read this article in Digital Trends by Geoff Duncan, that states in part: “…even our seemingly innocuous accounts can be stepping stones to PayPal, Amazon, iTunes, credit cards, bank accounts, and identity theft — and those are precisely what serious attackers want. With so much of our day-to-day lives now online and password breaches becoming so commonplace, an ounce of prevention — say, 16 random characters — can be worth a pound of cure.”

About facetteam
FACET is a human resources consulting firm specializing in the four phases of the Talent Management Cycle: Attract, Retain, Develop, and Transition. The Group's practice specifically addresses facilitation of smooth career/life transitions for individuals leaving organizations as well as career management, leadership training and coaching for employees whose assignments within organizations are impacted by change or other organizational needs. By application of several directions of pursuit, the corporation accomplishes a single goal: maximum utilization of human resource potential and productivity through efficient hiring, training and career development. The Facet Group was founded in 1981 and is headquartered in Lafayette, Louisiana. As an ARBORA GLOBAL PARTNER, The Facet Group shares a parallel philosophy of the highest quality and standards with other owner invested firms. Through this network, we provide services worldwide. To address organizational needs outlined by its clients, The Facet Group offers a comprehensive package of workplace consulting services, focusing on providing high quality, creative programs which favorably impact the bottom line.
