Stay Safe by Learning from the Bad Passwords of Others

Most of the password advice you hear is fairly hypothetical: Don't use words you can find in the dictionary. Don't use the word password or a simple string of numbers. But it's not every day that we can look at real passwords used by real people, and point out just how poorly conceived they are. Thankfully, today is one of those rare days.

Recently, 10,000 passwords were scraped off of Windows Live Hotmail accounts (probably through a phishing attack) and posted online. Security site Acunetix performed an analysis of the passwords, and the results are (if you are a security fanatic) a little bit depressing.

Here are some statistics gleaned from the study:

  • 42% of the passwords are lower case alpha strings containing only characters from a to z.
  • 19% of the passwords contained only numbers.
  • 30% of the passwords were mixed with upper and lower case and numbers.
Here are the 10 most common passwords:
  • 123456
  • 123456789
  • alejandra
  • 111111
  • alberto
  • tequiero
  • alejandro
  • 12345678
  • 1234567
  • estrella
Acunetix theorizes that based on the alpha passwords, the phishing attack probably targeted the Latino community. Regardless of the demographic, though, it points out that far too many people don't take their passwords seriously.

Need some help? Recently, Rick told you how to choose a smart password, and I pointed you towards a Microsoft Web site that can tell you the strength (and relative security) of your password.

Photo by Mirko Macari