According to the stats around 3 people reading this email use the password “password”

People are predictable

There’s a list that comes out every year of the worst passwords – it’s collated by security experts and the data is pretty incredible.

Aside from the fact that almost 5% of all the passwords on the planet are “password” – 91% of people use a password from the top 1,000 passwords.

Think about that!

Website hacks

If you run a Wordpress site and you still have an admin account on there – all I have to do is go to http://yoursite.com/wp-login.php – put admin in the login box and then run a small script that cycles through the top 1,000 passwords; 91% of the time I will gain access.

Once I’m in I can probably gain access to your email, then I have your data, your bank account, your life.

Thank you!

What you should do

If your password (for any system) is in the top 25 pasted below, stop reading and go and change it.

Then when you have a moment, go check out the top 500 passwords– if your password is in there – go change it.

What to change it to?

Current thinking recommends the use of passphrases rather than passwords, so instead of password, how about,this_is_my_password; it’s longer (good,) involves non-alpha characters (good,) and is pretty memorable.

To be safe you should add a few numbers and maybe misspell a few words but of course, that makes it less memorable!

I’ll leave you with an XKCD comic – click the link. 

Oh, and if you’d like a security review and hardening applied to your site, reply to this email and book a session.

Top 25 most common passwords

1. password
2. 123456
3. 12345678
4. 1234
5. qwerty
6. 12345
7. dragon
8. pussy
9. baseball
10. football
11. letmein
12. monkey
13. 696969
14. abc123
15. mustang
16. michael
17. shadow
18. master
19. jennifer
20. 111111
21. 2000
22. jordan
23. superman
24. harley

25. 1234567