This week SplashData released the 2014 edition of its list of the 25 most common passwords found on the internet. In a momentous victory, having been in the shadow of 'password' since the data was first collated, '123456' has finally reached the top spot as the most used password on the internet.
Among the top ten are 'abc123', '123456789', 'iloveyou' and '111111'. Several entries in the top 25 are program specific, with consumers registering passwords like 'adobe123'.
Although SplashData's results offer a light-hearted look at the lethargic attitude some people take to their password-protected software, and at their use of overly simple codes like 'qwerty' and 'letmein', there is a more important lesson here for businesses.
Common password, greater risk
Weaker passwords are more likely to be broken by brute-force attacks, where hackers gain access by rapidly guessing possible password combinations.
When encrypted passwords are stolen, the weaker ones are usually quick to be cracked, as cracking software becomes more intricate and effective and hardware such as GPGPUs becomes more powerful. Add in the potential use of cloud-based services and you have an explosive combination.
The topic of rolling password updates in the workplace has been under debate recently, especially with the rise of BYOD (Bring Your Own Device). Employees losing their own hardware with sensitive data on it should be a real concern for businesses.
Use of common passwords is one of the greatest risks to data security. Most people have one or two passwords they use regularly, usually with variations of numbers attached to the end when forced to renew them.
All it takes is for a user to log into an unsafe conduit, such as a forum. Hackers might take the password registered there, which is also used for every other account, and within a few hours have complete access to everything that was once secure.
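An added example, not part of the original article: a check a business could run when a password is set or renewed, refusing the common passwords named above, passwords built on the product name (as with 'adobe123'), and renewals that only change the numbers on the end. The function and parameter names are hypothetical, and the denylist is only a short set drawn from the passwords the article mentions.

```python
import re

# Passwords the article names from the SplashData list. A real denylist would
# be far larger; this short set is drawn only from those the page mentions.
COMMON = {"123456", "password", "abc123", "123456789", "iloveyou",
          "111111", "qwerty", "letmein"}

_SUFFIX = re.compile(r"[\d\W_]+$")  # trailing digits/punctuation, e.g. "2014!"


def _base(password):
    """Lower-case the password and drop any trailing digits or symbols."""
    return _SUFFIX.sub("", password.lower())


def reject_reasons(new, service="", current=""):
    """Return the reasons a proposed password should be refused (empty = ok).

    `service` is the product or site name; `current` is the password being
    replaced, as typed by the user on the change form (both are hypothetical
    parameters of this sketch).
    """
    reasons = []
    lowered, base = new.lower(), _base(new)
    if lowered in COMMON:
        reasons.append("common password")
    elif base in COMMON:
        reasons.append("common password with a suffix")
    if service and service.lower() in lowered:
        reasons.append("contains the service name")
    # Guard on `base` so two all-digit passwords are not treated as equal.
    if current and base and base == _base(current):
        reasons.append("only the suffix changed from the current password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for args in [("123456",), ("letmein2014",), ("adobe123", "Adobe"),
                 ("Summer08", "", "Summer07"), ("correct horse battery",)]:
        print(args[0], "->", reject_reasons(*args) or "ok")
```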