1234: LinkedIn security breach reveals pitiful passwords

sony locks 93000 user accounts after hack attempt security password loginIf you didn’t realize it already, “1234” isn’t the strongest of passwords. Ditto for “12345”, although admittedly it is marginally better. These were, however, among the most popular passwords used for a number of the 6.5 million LinkedIn accounts leaked on the web this week.

Around 160,000 of the hashed passwords stolen from the business-oriented social networking site were cracked by hackers, leading news site msnbc to ask Boston-based security firm Rapid7 to compile a list of the most popular passwords among the haul.

It should be noted that the passwords in Rapid7’s list were part of a longer string of characters, eg. “john1234”. But as msnbc’s Bob Sullivan says in his article, “That might seem to mitigate the danger, but it doesn’t offer much protection. Hackers spend hours guessing users’ passwords, using tools that brute force their way through millions of combinations.”

He continues, “If a hacker knows someone used a seven-letter password, and part of that password is ‘link,’ the bad guy only has to crack what is essentially a three-letter password. That’s exponentially easier.”

As mentioned by Sullivan, “link” appeared top of Rapid7’s list — easy to remember for a LinkedIn account, perhaps, but easy for others to guess, too. In second place was the classic four digit combo, “1234”. Evidently some LinkedIn users deemed “1234” to be absurdly unsafe and weak, opting for “654321” instead — that one appeared in 24th spot.

Other common choices included “jesus”, “god”, “work” and “the”.

Let’s face it, for many of us, managing passwords for a multitude of websites and accounts is nothing short of a nightmare. You’re not meant to use real words, you’re not supposed to use the same password for more than one account and you’re not meant to use common phrases. The only way to do it then is to write them all down on a piece of paper and keep it in your wallet — but of course you’re not supposed to do that either.

If you’re in need of some advice on how to improve your passwords and online safety — and probably many of you are — check out this article by Digital Trends’ Geoff Duncan.

1234 linkedin security breach reveals pitiful passwords list

[Image: Mario7 / Shutterstock]