Your stupid password has to go – says Microsoft (and common sense)

We’ve all been told that it is important to have unique, hard-to-guess passwords to keep our online data safe. However, many people just aren’t getting the message. So Microsoft has announced that it will start to ban some of the most commonly chosen, obvious passwords from being used for its properties.

Microsoft’s blog states that its security team sees “more than 10M accounts attacked daily, so we have a lot of data about which passwords are in play in those attacks.”

Apparently the crooks out there know which passwords are most commonly used. Writes Microsoft, “Bad guys use this data to inform their attacks … trying to brute force accounts by trying popular passwords against them.”

Microsoft plans to “use this data to maintain a dynamically updated banned password list.” So as new contenders enter the collection of easily guessable passwords – the banned choices list will be automatically updated to include these as well.
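A banned-password check of the kind described above, as an added example in Python (not Microsoft’s code). The banned list here is just the ten passwords from this post, standing in for Microsoft’s much larger, dynamically updated list; the character-substitution table and the “one edit away” fuzzy match are assumptions about how such a filter is typically built, not something the post states.

```python
import re

# Constructed sample: the ten passwords named in this post. A real deployment
# would load a much larger, regularly refreshed list instead of hard-coding it.
BANNED = [
    "123456", "linkedin", "password", "123456789", "12345678",
    "111111", "1234567", "sunshine", "qwerty", "654321",
]

# Assumed substitution table: undo the usual "leet" swaps so that
# P@ssw0rd is compared as "password". Real filters use similar tables.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def normalize(candidate: str) -> str:
    """Lowercase the candidate and reverse common character substitutions."""
    return candidate.lower().translate(LEET)


def within_one_edit(a: str, b: str) -> bool:
    """True if a and b differ by at most one insertion, deletion or substitution."""
    if a == b:
        return True
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) < len(b):
        a, b = b, a  # make a the longer (or equal-length) string
    i = j = edits = 0
    while i < len(a) and j < len(b):
        if a[i] != b[j]:
            edits += 1
            if edits > 1:
                return False
            if len(a) > len(b):
                i += 1  # treat as a deletion from the longer string
                continue
            # equal length: treat as a substitution and advance both
        i += 1
        j += 1
    # any unconsumed tail of the longer string is one more edit
    return edits + (len(a) - i) <= 1


def check_password(candidate: str, banned: list[str] = BANNED) -> tuple[bool, str]:
    """Return (is_banned, reason). Checks the raw lowercase form and the
    substitution-normalized form for exact, substring and near matches."""
    forms = [candidate.lower(), normalize(candidate)]
    for form in forms:
        if form in banned:
            return True, f"exact match: {form}"
    for form in forms:
        for word in banned:
            if word in form:
                return True, f"contains banned password: {word}"
    for form in forms:
        for word in banned:
            if within_one_edit(form, word):
                return True, f"one edit away from banned password: {word}"
    return False, ""


if __name__ == "__main__":
    # Constructed sample inputs, including the post's own suggestions.
    for pw in ["123456", "P@ssw0rd", "12345", "sunshime", "G3tInShape", "Us3Sm@rt3rP@ssw0rd$"]:
        banned, reason = check_password(pw)
        print(f"{pw!r:24} banned={banned} {reason}")
```

The three passes are ordered from cheapest to most expensive and from most to least specific, so the reported reason tells the user what to change. Checking both the raw and the normalized form matters because the substitution table turns the all-digit entries in the list into letters; without the raw form, `123456` itself would slip through.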

This follows hard on the heels of last week’s announcement that the 2012 LinkedIn breach affected over 100 million more accounts than was acknowledged at the time. It was also reported that a hacker was trying to sell the email addresses and passwords from those 117 million LinkedIn accounts online. (So if you haven’t changed your passwords in a while you might want to now.)

Along with that news came the release of the most popular (and terrible) passwords that people choose. I know, we all have a lot of accounts and many different credentials to remember, so it can be tempting to simplify. But seriously, some people just aren’t trying. (Or they’re trying to get hacked.)

The top ten most common stupid passwords that people really use

    1. 123456 – used by 753,305 accounts
    (Counting! You probably don’t even have to write that one down on a Post-It on your screen.)

    2. linkedin – used by 172,523 (LinkedIn) accounts
    (Using the name of the site you’re on as the password for that very site! Who’da thunk it?)

    3. password – used by 144,458 accounts
    (A classic. So obvious, no hacker would consider trying it.)

    4. 123456789 – used by 94,314 accounts
    (Counting higher! All the way to nine. Crooks probably stop trying at eight.)

    5. 12345678 – used by 63,769 accounts
    (Uh oh. Maybe they’ll stop at seven.)

    6. 111111 – used by 57,210 accounts
    (You didn’t think this through. If someone wrote a program to randomly enter six-digit combos, the very first thing it would try is 111111.)

    7. 1234567 – used by 49,652 accounts
    (Seriously, enough with the counting already.)

    8. sunshine – used by 39,118 accounts
    (Well, that’s cheerful at least. And strangely popular.)

    9. qwerty – used by 37,538 accounts
    (Love it. The first five letters on the keyboard. In order! Brilliant in its simplicity.)

    10. 654321 – used by 33,854 accounts
    (Oh, I see what you did there. Counting down. Clever. Using reverse psychology on the identity thieves.)

Want to turn your password into a life hack? Don’t let your account or browser automatically remember you. This will force you to enter your password every time you access your account. Then you can turn that password into a motivational message to yourself that you’ll have to type every day. For example: “G3tInShape,” “Qu1TSm0k1ng,” or “F1ndB3tt3rJ0b.”

Alternately: “Us3Sm@rt3rP@ssw0rd$”