Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus

July 14th, 2014

Common passwords inspire uncommon dress

password dress

Lorrie Cranor models her famous Password dress in front of the “Security Blanket” quilt.

Weak passwords make for creative design.

If you use 123456 or password as your password, you may as well wear it for all to see. It’s THAT easy to crack.

To illustrate this point, Lorrie Cranor, quilt artist, and oh yeah,  director of the CyLab Usable Privacy and Security Laboratory at Carnegie Mellon University, designed fabric based on the extensive research she and her students conducted on the weaknesses of text-based passwords. The quilt she made is aptly named “The Security Blanket,” and is designed from a word cloud of the 1,000 most commonly found passwords from the 2010 RockYou.com hack. Professor Cranor made a Password dress to go with the password quilt. The fabric is available for purchase from Spoonflower.

Iloveyou, you little monkey

The most popular password, 123456, forms a backdrop across the whole quilt. But what intrigued Cranor was not the “the obvious lazy choices,” but what else people choose as passwords. She went through the list and organized the passwords into themes. Many passwords fell into multiple themes, so she tried to think like a RockYou user and extract some meaning from their choices.

Love is a strong theme, and the research found that love-themed words make up the majority of non-numeric passwords. Iloveyou in English and other languages is common. The names of pets are common, and Princess showed up in the top 1,000 and simultaneously on lists of popular pet names. Chocolate is the most frequent of the food-related passwords, with chicken and banana(s) coming up often.

Chicken was a surprise to me, as was monkey, the 14th most popular password. Could RockYou users have an affinity for monkeys because of a game, or do they just like monkeys? Is it related to bananas? Do gamers eat more bananas?

Some things we’ll just have to speculate about…

Swear words, insults, and adult language showed up in the top 1000 passwords, “but impolite passwords are much less prevalent than the more tender love-related words,” wrote Cranor in her blog.

Numbers are even better. Three times as many people chose 123456 over password, and 12345 and 123456789 were also more popular choices. It seems that when required to use a number in a password, people overwhelmingly pick the same number, or always use the number in the same location in their passwords.

Top 10 worst passwords

Security developer SplashData published the Worst Passwords of 2013. Check the list to see if you use any of these:

Rank Password Change from 2012
1 123456 Up 1
2 password Down 1
3 12345678 Unchanged
4 qwerty Up 1
5 abc123 Down 1
6 123456789 New
7 111111 Up 2
8 1234567 Up 5
9 iloveyou Up 2
10 adobe123 New

Tips and tricks

1. Use a random collection of letters (uppercase and lowercase), numbers and symbols

2. Make it 8 characters or longer

3. Create a unique password for every account

Read more from the AVAST blog

Do you hate updating your passwords whenever there’s a new hack?

Are hackers’ passwords stronger than regular passwords?

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on FacebookTwitter and Google+. Business owners – check out our business products.

  1. No comments yet.
  1. No trackbacks yet.
You must be logged in to post a comment.