The weekly newsletter for Fed2 by ibgames

EARTHDATE: October 11, 2009

Official News page 8


REAL LIFE NEWS: MOST COMMON PASSWORDS REVEALED BY HOTMAIL ATTACK

by Hazed

There's been a big phishing attack running against users of Hotmail recently, and the account details caught in the phishers' nets turned up on a website called Pastebin. Of interest to bad guys, sure, but also to security researchers, who wasted no time in analyzing the file to look for information about what passwords people choose.

It turns out that in the sample of 10,000 login credentials they checked, the most common password was "123456" - it turned up 64 times. The second most popular was along the same lines: it was "123456789" which appeared 18 times. Actually, when you do the maths, they aren't all that common, but it wouldn't make such a good story if that was pointed out!

A significant number of passwords also used the account holder's date of birth, which is certainly not secure! Nearly half used only lowercase letters, and 19% were just numbers.

Since many people use the same password on many different services, hackers getting hold of logon details for one site, such as Hotmail, could lead to security breaches on many others. If you have a Hotmail account, you are advised to change its password, and the password on anything else that uses the same one, before the hackers get round to doing it for you.

The security researcher who compiled the report thinks it is time to re-evaluate advice on how to choose passwords. "It used to be that the best security advice was to never write down your password," he said. "Today's advice however is to choose complex passwords, write them down and then put them in your wallet. You know when your wallet is lost or stolen and therefore that you need to change your passwords. Three initials from your name and postcode will do the trick and will take a hacker weeks to crack. Using an old postcode adds another layer of protection."

Sound advice!

