There is a drought here in New Mexico, according to the weather folks on TV. We’ve had some rain, but our precipitation is below normal this year. You may have read about the forest fires in New Mexico and that is a direct result of the drought.
Yahoo! had a password “leak” last week (as I write this). I think these leaks are becoming floods. A few passwords here and there is a leak, thousands are a flood. There have been multiple reports listing the most common passwords, but the ZDNet article at the link lists the top 10 along with the top ten “base words”–that is insightful. Check out the article for the whole scoop. Here is the top 10 list of passwords:
These account for (if my math is right!) 1.85% of the passwords. splashdata.com posted a list of “most common passwords on the web” last November. The top 10 were:
The overlap is interesting, but “princess” isn’t even in splashdata’s top 25. In Learning Tree’s System and Network Security course we discuss the list from the Gawker break-in from 2010. “Princess” was a bit down on that list, but the top 10 there were:
It is particularly interesting to me that these are all so short. Yes, laziness and convenience trump security.
I have mentioned password generators and other tools before. Keepass, for example, makes using multiple passwords easier. Why use multiple passwords? Well if your Yahoo! password was discovered, and you use that same password for your email or your bank… It also generates random passwords of the length you choose. One nice feature is that there are plugins for keepass allowing it to fill in passwords popular browsers. There are lots of other plugins, too.
With tools that generate passwords and automatically fill them into web forms, it’s easier than thinking up a new one (okay, “111111” isn’t hard to think up) and typing it in. Given the integration features, I’m thinking of moving to keepass and keeping my passwords in a dropbox folder. I’ll let you know how the change-over from my current solution goes. What’s your favorite password management technique? Hopefully not “123456” everywhere! Let me know in the comments.