
Beware predictable passwords

Security experts often warn us that users are the biggest source of vulnerability for an IT system. Now analysis of a recently stolen list of passwords seems to confirm this theory.

When a specialist programming website called phpbb.com was recently hacked, the passwords of its 20,000 members were stolen and posted on the Internet for all to see. Whilst this must have caused great concern to the site and its subscribers, analysis conducted on these passwords by security blogger Robert Graham is now providing a useful security lesson for the rest of us.

Include numbers and symbols to avoid dictionary words

In spite of best practice recommendations to include numbers and punctuation symbols in a password, almost two thirds (64%) of users on this website were happy to use a word straight from the English dictionary. Of this group, the vast majority chose a simple term such as "apple" rather than an abstract concept or a word with an unusual spelling.

First names make it easier for hackers

Equally striking was that 16 per cent of the passwords used were names, making it far easier for a would-be hacker to access the account of somebody whose identity he knows. Robert Graham found that the majority of names used were common ones such as Joshua, Michael and Jordan. He speculates that Joshua may be a reference to the computer password in the 1983 film WarGames, whilst the other names probably refer to the famous basketball player.

Avoid keyboard patterns, variations on 'password' and other common phrases

14 per cent of passwords were derived from patterns on the keyboard such as "1234", "qwerty" or "asdf", and 4 per cent were simple variations on the word password such as "passw0rd" and "password1".

Other popular passwords were categorised as 'pop-culture references' such as films and band names, 'things nearby' such as computer manufacturer names, 'swear words' and 'sports references'. In fact, 'Arsenal' and 'Liverpool' regularly feature in the top 10 list of UK passwords – but are they sporting references or swear words?

Below is the top 20 list of passwords from the phpbb.com database. Needless to say, if your own password appears on this list, you may wish to consider changing it.

Top 20 passwords    % Occurrence
123456              3.03%
password            2.13%
phpbb               1.45%
qwerty              0.91%
12345               0.82%
12345678            0.59%
letmein             0.58%
1234                0.53%
test                0.5%
123                 0.43%
trustno1            0.36%
dragon              0.36%
abc123              0.31%
123456789           0.31%
111111              0.31%
hello               0.30%
monkey              0.30%
master              0.28%
killer              0.22%
123123              0.22%
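
A screening check for newly chosen passwords, built from the categories and the top 20 list above. This is an added example, not part of the original article: the function names are hypothetical and the word and name sets are small constructed samples standing in for a full dictionary and name list.

```python
import re

# Top 20 passwords from the phpbb.com table on this page.
TOP_20 = {
    "123456", "password", "phpbb", "qwerty", "12345", "12345678", "letmein",
    "1234", "test", "123", "trustno1", "dragon", "abc123", "123456789",
    "111111", "hello", "monkey", "master", "killer", "123123",
}
# Constructed stand-ins: a real deployment loads a full dictionary and name list.
SAMPLE_WORDS = {"apple", "dragon", "monkey", "master", "hello"}
SAMPLE_NAMES = {"joshua", "michael", "jordan"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Undo common character swaps so "passw0rd" is compared as "password".
SWAPS = str.maketrans("013457@$", "oieastas")


def normalise(pw):
    """Lower-case, drop trailing digits/symbols, reverse common swaps."""
    core = re.sub(r"[^a-z]+$", "", pw.lower())
    return core.translate(SWAPS)


def is_keyboard_pattern(pw):
    """True for a run along a keyboard row (either direction) or repeats of one."""
    s = pw.lower()
    if len(s) < 2:
        return False
    # Smallest repeating unit: "123123" -> "123", "111111" -> "1".
    unit = s[: (s + s).find(s, 1)]
    return any(unit in row or unit in row[::-1] for row in KEYBOARD_ROWS)


def classify(pw):
    """Return the category from the article that pw falls into, or None."""
    norm = normalise(pw)
    if pw.lower() in TOP_20:
        return "top-20 list"
    if norm == "password":
        return "variation on 'password'"
    if is_keyboard_pattern(pw):
        return "keyboard pattern"
    if norm in SAMPLE_NAMES:
        return "first name"
    if norm in SAMPLE_WORDS:
        return "dictionary word"
    return None
```

A password change form can call classify() and refuse any candidate for which it returns a category, showing that category to the user as the reason.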


Prosyn Limited - 1st Floor, 70-72 Clifton Street, London. EC2A 4HB | Tel: 0845 644 2351 | Fax: 0845 128 3961 | Email: info@prosyn.net
Company Registration Number: 4520472 | VAT Number: 802869909