Friday, January 11, 2013

Can I hack your password in 10 minutes?


Early last year we got a look at the worst passwords of 2011. In a previous post, we found that the five worst passwords of that year were:
  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
‘password’ is the number one password…? Really?

The report was made by Splashdata, which gathered data from the millions of stolen passwords posted online by hackers in 2011.

But a new year has passed, with MI5 battling "astonishing" levels of cyber-attacks against UK industry and Symantec stating in their 2011 report that they recorded thousands of hacking events every second. So surely we're trying to make it harder for them by improving IT security?

… it seems not

According to the list below, we’re still as lazy as it gets. In the updated 2012 report by Splashdata, ‘password’ is still the most popular password…

Here's the full list with comparison to 2011:

1.    password (Unchanged)
2.    123456 (Unchanged)
3.    12345678 (Unchanged)
4.    abc123 (Up 1)
5.    qwerty (Down 1)
6.    monkey (Unchanged)
7.    letmein (Up 1)
8.    dragon (Up 2)
9.    111111 (Up 3)
10.   baseball (Up 1)
11.   iloveyou (Up 2)
12.   trustno1 (Down 3)
13.   1234567 (Down 6)
14.   sunshine (Up 1)
15.   master (Down 1)
16.   123123 (Up 4)
17.   welcome (New)
18.   shadow (Up 1)
19.   ashley (Down 3)
20.   football (Up 5)
21.   jesus (New)
22.   michael (Up 2)
23.   ninja (New)
24.   mustang (New)
25.   password1 (New)

Source: Gizmodo - The 25 most popular passwords of 2012

Guilty of any of these?

But are we all really that lazy? No, and here’s why.

This data is gathered from millions of stolen passwords posted online by hackers, meaning that there’s a reason ‘123456’ is on this list.

Hackers use tools to randomly guess your password, and depending on its length and the characters it contains, the tool can guess it in anywhere from 10 minutes to (in my case) 44,530 years!

How to make your password 'unhackable'

Simply make your password 9 characters, add a symbol and a number. Find out how long it takes to guess your current password using the info below:

Length: 6 characters
Lowercase: 10 minutes
+ Uppercase: 10 hours
+ Nos. & Symbols: 18 days

Length: 7 characters
Lowercase: 4 hours
+ Uppercase: 23 days
+ Nos. & Symbols: 4 years

Length: 8 characters
Lowercase: 4 days
+ Uppercase: 3 years
+ Nos. & Symbols: 463 years

Length: 9 characters
Lowercase: 4 months
+ Uppercase: 178 years
+ Nos. & Symbols: 44,530 years

As you can see, it’s obvious why the simple passwords are on the list. It only takes 10 minutes for hackers to get any of them. They aren’t going to wait more than 24 hours to get your ‘real’ password. 
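The figures above follow from exhaustive-search arithmetic: alphabet size raised to the password length, divided by the guess rate. The sketch below is an added example, not part of the original post; it assumes the rate implied by the first row (6 lowercase characters in 10 minutes) and a 94-character alphabet, which the post does not state, so the symbol rows only match in order of magnitude. The function names are hypothetical.

```python
import string

# The 25 entries of the 2012 list quoted in this post.
COMMON_2012 = frozenset("""password 123456 12345678 abc123 qwerty monkey letmein
dragon 111111 baseball iloveyou trustno1 1234567 sunshine master 123123 welcome
shadow ashley football jesus michael ninja mustang password1""".split())

# Assumption: the guess rate implied by the post's first row
# (every 6-character lowercase string tried in 10 minutes, about 515,000/s).
BASE_KEYSPACE, BASE_SECONDS = 26 ** 6, 600

# Assumption: 26 lower + 26 upper + 10 digits + 32 ASCII symbols = 94 characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

UNITS = (("years", 31_536_000), ("months", 2_592_000), ("days", 86_400),
         ("hours", 3_600), ("minutes", 60))


def alphabet_size(password):
    """Total size of the character classes the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def seconds_to_exhaust(password):
    """Worst-case seconds to try every string of this length and alphabet."""
    keyspace = alphabet_size(password) ** len(password)
    return keyspace * BASE_SECONDS // BASE_KEYSPACE


def audit(password):
    """Return a verdict a sign-up form or password audit could show."""
    if password.lower() in COMMON_2012:
        # Length and digits do not help here: wordlists try these first.
        return "reject: on the 2012 most-popular list"
    seconds = seconds_to_exhaust(password)
    for unit, size in UNITS:
        if seconds >= size:
            return f"{seconds // size:,} {unit}"
    return "under a minute"


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach.
    for pw in ("qzvkem", "qzvkemw", "QzvkemWp", "password1", "Qz7!kemWp"):
        print(f"{pw:<10} {audit(pw)}")
```

Note that 'password1' is 9 characters and contains a number, yet it is rejected because it is on the list itself.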

So relax, the world is not as lazy as it seems… unless for reasons you won’t discuss, you are concerned to see "123456" so close to the top.

Will 2013 bring a more creative list of passwords? Let us know in the comment section below.

Let's at least hope 'password' won't be at the top.

About the Author:
Sarah writes for Firebrand Training on a number of IT related topics. This includes exams, IT training, IT certification trends, project management, certification, careers advice and the IT industry itself. Sarah has 11 years of experience in the IT industry.