Enterprise security strategy - Rockyou Breach Analysis Reveals Insecure Passwords - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Rockyou Breach Analysis Reveals Insecure Passwords

Written By
Brian Prince
Brian Prince
Jan 21, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Database security vendor Imperva released an analysis of 32 million passwords exposed in the Rockyou.com breach. What they found is not good.

According to their analysis, the three most commonly used passwords are “123456”, “12345” and “123456789.” Other common passwords include “Password” and “iloveyou.”

Their analysis echoes a paper written by researchers at the University of Wisconsin-Madison and IT University in Copenhagen that found only four percent of 836 people surveyed obeyed best practices for passwords.

“Everyone needs to understand what the combination of poor passwords means in today’s world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second–or 1000 accounts every 17 minutes,” Imperva CTO Amichai Shulman said in a statement. “The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine.”

According to the Imperva study, which can be found here, nearly 50 percent of users used names, slang words, dictionary words or trivial passwords such as consecutive numbers. The problem with such passwords is that they are easier for attackers to brute force (guess).

“Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456’,” Shulman said. The problem has changed very little over the past 20 years. It’s time for everyone to take password security seriously; it’s an important first step in data security.”

For those looking for suggestions, here are a few tips to improve password strength:

1)Don’t use actual words in any language, including slang, as a password by itself. In other words, “love” is not a strong password. “Love2001c” is better.

2)Don’t use personal information such as birthdays, pet names, etc.

3)Don’t use obvious number patterns such as “1,2,3,4,5.”
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information