How risky is your password?

By Sarah Coles , Jul 16, 2012
Filed under: Scams & Fraud

password Sean Kilpatrick/The Canadian Press/Press Association Images

Scientists have revealed the most commonly used passwords in a recent hacking incident.

So which passwords leave you most exposed, why are we so prone to picking the risky ones, and how can we choose a password that's memorable and yet difficult for a hacker to guess?

Fight back - latest on scams

According to a report in Yahoo News, an IT security company has identified the passwords which emerged most regularly in a list of hacked accounts.

It analysed 440,000 passwords which were posted online after an alleged breach of Yahoo security on Wednesday, and discovered that despite repeated recommendations to come up with something difficult to guess, the most commonly hacked passwords are a piece of cake for hackers to break.

Fight back - latest on scams

Most commonly hacked

ESET, the Slovakian company behind the study, said that the most common password in the list of hacked accounts was 123456, followed by 'password' and 'welcome'. In all over 1,500 people had plumped for the numerical sequence, while 780 went for password, and almost 450 for welcome.

The report also quoted figures from SplashID, which said 'password' is the most commonly used password, while the numerical sequence is in the top three.

Top 10

The rest of the top ten most hacked passwords included a number that were a mixture of very simple numerical and alphabetical sequences like abc123 (used 250 times), 123456789 (used 222 times), 12345678 (used 208 times) and qwerty (used 172 times).

There were also some common words, including ninja (used 333 times), sunshine (used 205 times) and princess (used 202 times).

Why?

Clearly the reason we pick these common passwords is that they are easy to remember. Using a sequence of keys we can press without thinking, or a common word or nickname, is bound to be the best way to ensure we don't forget our password.

It's pointless going to the trouble of creating a series of passwords that require a mind like a steel trap to recall every time you want to do anything online.

However, with account hacking on the rise, and several high-profile breaches reported from a host of sites from Yahoo to LinkedIn, it's worth finding a new solution.

Choose a strong password

There are three surefire ways to come up with a password that no-one but you will know.

1. Come up with a common phrase or a line from a song, and use the first letter from each word. So 'I Got The Moves Like Jagger' becomes IGTMLJ and 'Why Does It Always Rain on Me?' becomes WDIAROM.

2. Think of a password, then type in the letters next to each letter on the keyboard. So if your chosen password was SUMMER, you could shift left and your password would become AYNNWE.

3. Use a piece of software to set and remember passwords. There are loads of them, such as lastpass and roboform. Most of them make you log into the software, then when you sign into a new website it will automatically generate a user name and password that no-one would remember (which is rated as 'strong' by the sites).

It will then remember them for you, so that each time you go back to the site it will input the password for you. All you have to remember is your password for the software.

But what do you think? What's your trick for remembering a unique password? Let us know in the comments.

1. 123456 1666
2. password 780
3. welcome 436
4. ninja 333
5. abc123 250
6. 123456789 222
7. 12345678 208
8. sunshine 205
9, princess 202
10. qwerty 172

The top 10 scams of 2011

1. Mid-contract price hikes
It is reasonable to assume that if you take out a mobile phone contract at £30 a month for 24 months that's exactly what you'll pay unless you exceed the tariff. Yet mobile phone providers have come under fire for a snag buried in the small print – a clause to allow mid-contract price rises. Prices are rising by a median of 81p a month and 70% of consumers are completely unaware off this sneaky move, according to Tesco Mobile, so be sure to check any new contracts before you sign the dotted line.
1. Land banking
 Land banking involves plots of land offered for sale, often online, with the promise of sizable returns when planning permission is approved for housing or other development. Yet often the land is located in areas protected from development by planning law. The companies involved soon disappear with investors' money and as the firms are not protected by the Financial Services Authority, their funds are not covered by the Financial Services Compensation Scheme
2. Money mule
 Fraudsters recruit unknowing accomplices through email under the guise of offering employment, seeking a personal favour, or through internet shopping sites. The recruits are persuaded into receiving what are essentially fraudulent payments and then passing funds on. The 'mules' are frequently offered a small financial incentive to encourage involvement and face difficulties in proving their innocence when the fraud is discovered.
3. Carbon credit fraud
 The scams claim to offer people the chance to profit from carbon credits. Under regulations that permit businesses to emit a tonne of CO2 – the companies claim to offer investment in green projects like a forestry scheme or a solar panel project, which generates carbon credits that are then sold on to heavy industry. A flashy brochure or website tells of a reliable 'government-backed' scheme which provides reliable returns for investors. Such a scheme doesn't exist however – a reality investors only discovered when they have parted with their cash and the company is untraceable. As with land banking, fraudulent companies are not covered by the FSA so victims have no course for recompense
4. HMRC phishing scam
 Receiving an email from the taxman saying you are owed a payment may seem like a nice surprise, but it is actually from fraudsters trying to relieve you of your cash instead. The emails provide a "click-through link" to a cloned replica of the HMRC website. The recipient is then asked to provide their credit or debit card details - all the information the criminals need to clear your account, and sell on your personal details.
6. Crash for cash scams
 Insurer Direct Line reported a hike in the number of 'crash for cash' scams last year – where fraudsters fake accidents by making unnecessary emergency stops at busy roundabouts or slip roads, forcing motorists to crash into them. They then make bogus claims to the innocent motorist's insurer, often including fictitious injuries and passengers.
7. Driving school scams
 Learner drivers have been taken for ride by being unknowingly taught by trainee instructors. An investigation by the AA found up to 27,000 extra driving tests have been failed in the last year because one in 10 learner drivers are unwittingly taught by an instructor they do not know is learning on the job.
8. One man mail scam
 July saw the arrest of a Leicester postman who stole £46,686 worth of mail over two-and-a-half years. Yogeshbhai Patel, 38, was jailed for two years for stealing mail including 2,000 DVDs and 2,250 games along with CDs and other electrical equipment. He intercepting the valuable packages and spent the money on living a luxury lifestyle including helicopter rides and a trip to Las Vegas.
9. Smart meter scam
 The Trading Standards Institute reported over 200 cases where elderly homeowners have been targeted by telephone cold callers, purporting to be from their energy supplier and offering energy saving devices which could cut their bills by 40%. The TSI tested the devices in homes where owners had fallen for the scam, only to find they both failed to satisfy electrical safety standards or deliver any tangible energy savings.
10. Thermal camera fraud
 Thermal cameras that track ATM pin numbers are the latest weapon in their arsenal and US scientists have warned it is the next threat for this form of crime. Researchers at the University of California at San Diego found that up to 45 seconds after a person types their pin code into an ATM machine or door entry pad the numbers and even the sequence are still readable by thermal cameras.

Add a Comment

Sign in »

105 Comments

Filter by:

wokingham7

A tip I saw suggested using the first letters of the words of a song (GRHOTM) = Go Rest High On That Mountain, a favourite song of mine, for an example.

September 29 2012 at 1:09 PM Report abuse Permalink rate up rate down Reply

coogans6

my password is g.t.f but they wont.

September 29 2012 at 12:35 PM Report abuse Permalink rate up rate down Reply

Bill

My password is crotchlesspanties.....Is it too risque?

September 29 2012 at 7:51 AM Report abuse Permalink rate up rate down Reply

djpaulgee1

Some people bring it onto themselves for not bothering to think of a unique password. How many times have we been warned by different internet service providers, emails, websites etc about not using something simple to use as a password? I keep all my passwords in a small book that is hidden so that i can recall a forgotten password. It's also strongly advised to change your password as often as possible, this is something else a lot of people don't do. As many other comments on this topic have already expressed, use a combination of numbers, letters and symbols then you shouldn't have a problem. Remember: Change your password often.

September 29 2012 at 6:26 AM Report abuse Permalink rate up rate down Reply

sandyeandy

Swearwords in foreign languages are vey useful, especially if you add a specific number before &/or after!

September 19 2012 at 1:54 PM Report abuse Permalink rate up rate down Reply

kgfriar1176

Most of the people where I used to work used the password FRED because the letters were close to one another - but everyone could log into anyone's computer.
So the company gave everyone a six digit random selection which was changed every three months, but people wrote their passwords on a sticky label and attached it to their computer.
One of mine was CCTXZZ and I made up a silly quote to help me.

August 29 2012 at 2:34 AM Report abuse Permalink rate up rate down Reply

valhollylee

I use a word that means something to me but I change some of the letters for numbers, so O becomes 0 or A becomes 4, b is 6, g is 9 etc. You don't change them all just a few but the secret is to use a word that is special to only you that no none would guess in the first place.

August 28 2012 at 5:00 PM Report abuse Permalink rate up rate down Reply

pax1909

When I need a new password, I use the date and keep a book in which all passwords are saved. This means that although I have to check when I need to enter a site, at least I know this type of password can never be guessed!

August 28 2012 at 8:41 AM Report abuse Permalink rate up rate down Reply

michaelfcastro

Interesting that its Yahoo running the survey. Wasnt it a Yahoo server that all the yahho and AOL passwords were stolen only just recently, prompting AOL to send us emails to say we were spammers ?.

We are always being told not to divulge passwords etc, but here is Yahoo saying that the survey asked people what their passwords were so they could run this cock eyed report, DUH ?

August 28 2012 at 8:22 AM Report abuse Permalink rate up rate down Reply

nglover

I give each number a letter of the alphabet. ' Pick Me' would come out as 492 for instance - not the same as I use of course! I then put in a symbol such as an ampersand. Vowels are left out of the squence. Remember to allocate a letter to zero.

August 28 2012 at 7:53 AM Report abuse Permalink rate up rate down Reply