Yes, that’s right. The top 25 most popular (and worst) passwords of 2011 are out. Not surprisingly, a lot of the same passwords were on the top 25 list for 2010 and 2009 and 2008…although their ranking has changed. “Monkey” moved from #14 last year to #6 this year. “Monkey?” Can anyone explain to me why this is such a popular password? More importantly, reading this list, is anyone surprised that on average, half a dozen accounts are hacked and taken over every two or three minutes, round the clock, including now?
To understand how incredibly risky and stupid using these types of passwords is (and the hassle and challenges you’ll experience once you’ve been hacked), I highly recommend this recent article in The Atlantic by James Fallows, Hacked. In this fascinating-in-a-train-wreck-sort-of-way article, Fallows details his wife’s Gmail account being hacked, all her email files stolen, and their subsequent education regarding the risks of cloud computing. Fallows is quick to point out that their experience with Gmail “would apply to most people using most online services, including Apple’s pending ‘iCloud’ services and Microsoft’s continuing movement of Windows services to the cloud.”
The paragraph in the article that made my hair stand on end? “Guessing [passwords] less often involves social engineering—trying your birthday or your hometown or your relatives’ names—than ‘brute-force attacks,’ in which a hacker’s computer tries every word or combination of words in existence, in a variety of languages, to see if it finds a match. From most officials, I heard reminders that if a password can be found in a dictionary, that password is not safe. Andrew Kovacs, communications manager for the Google security staff, added: ‘And those tricks about changing E’s to threes and O’s to zeros? Sorry to tell you, but the hackers have thought of those too.’ Several of the people I spoke with pointed out that brute-force attacks have recently become much more effective, as hackers have taken advantage of the powers of new computer-graphics chips, which can handle certain kinds of computations even more quickly, and with more parallel processes running simultaneously, than a computer’s central processing chip can. These turn out to be the computations necessary for producing password hacks.”
Lest you think you’re smarter or more creative in choosing your passwords than the average bear, he goes on to state that his wife’s password was a combination of two short English words followed by numbers. Sound familiar? And that “For reasons too complex to explain here, even some systems, like Gmail’s, that don’t allow intruders to make millions of random guesses at a password can still be vulnerable to brute-force attacks.”
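As an added illustration (not from this post or from Fallows’ article), the Python check below models the guess types described above from a defender’s side: a dictionary word with digit-for-letter substitutions undone, two short words followed by numbers, a spaced multi-word passphrase, and random characters. The small word list, the assumed 100,000-entry attacker dictionary, and the 60-bit acceptance floor are constructed assumptions, not figures from the article.

```python
import math
import re

# Constructed stand-in for an attacker's word list; the post does not
# reproduce the top-25 list, so these entries are illustrative only.
WORDLIST = {"monkey", "password", "letmein", "dragon", "sunshine", "iloveyou",
            "lake", "deep", "chilly", "winnebago", "favorite", "packer",
            "brett", "favre", "my", "is", "not", "and"}
DICT_SIZE = 100_000   # assumed size of a real cracking word list (hypothetical)
PRINTABLE = 95        # printable-ASCII alphabet assumed for random passwords

# Undo the "E to 3, O to 0" style substitutions Kovacs mentions, plus a few more.
LEET = str.maketrans({"3": "e", "0": "o", "1": "i", "!": "i", "@": "a",
                      "$": "s", "4": "a", "5": "s", "7": "t"})

def shape(pw, words=WORDLIST):
    """Classify a password into one of the guessing models the article describes
    and return (label, bits), where bits = log2 of the guesses an attacker needs."""
    low = pw.lower()
    body, digits = re.fullmatch(r"(.*?)(\d*)", low).groups()  # split trailing digits
    body = body.translate(LEET)                               # normalise substitutions
    digit_bits = len(digits) * math.log2(10)
    if body == "":
        return "digits", digit_bits
    if not re.fullmatch(r"[a-z]+(?: [a-z]+)*", body):         # symbols no word explains
        return "random", len(pw) * math.log2(PRINTABLE)
    tokens = body.split()
    if len(tokens) > 1:   # spaced passphrase: attacker must enumerate word lists
        return f"passphrase:{len(tokens)}w", len(tokens) * math.log2(DICT_SIZE)
    w = tokens[0]
    if w in words:        # single dictionary word, possibly disguised, plus digits
        return "word+digits", math.log2(DICT_SIZE) + digit_bits
    for i in range(1, len(w)):   # two short words glued together plus digits
        if w[:i] in words and w[i:] in words:
            return "word+word+digits", 2 * math.log2(DICT_SIZE) + digit_bits
    # Not in our list: approximate as random characters (an optimistic estimate).
    return "random", len(pw) * math.log2(PRINTABLE)

def acceptable(pw, min_bits=60):
    """Policy check: accept only shapes above an assumed 60-bit guess-space floor."""
    label, bits = shape(pw)
    return bits >= min_bits, label, round(bits, 1)

if __name__ == "__main__":
    for pw in ["M0nkey12", "lakechilly99",
               "Lake Winnebago is deep and chilly", "V*!amYEg5M5!3R"]:
        print(pw, acceptable(pw))
```

Run as-is, it shows that undoing the substitutions collapses “M0nkey12” to a single word plus two digits, while the spaced passphrase and the gibberish string both land well above the floor.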
At the end of the article, Fallows provides three pieces of advice:
1. If you use Google’s Gmail, use their two-step verification system
2. “Choose a long, familiar-to-you sequence of ordinary words, with spaces between them as in an ordinary sentence, which more and more sites now allow. ‘Lake Winnebago is deep and chilly,’ for instance. Or ‘my favorite packer is not brett favre.’” Or: “Choose a truly obscure, gibberish password—‘V*!amYEg5M5!3R’.”
3. Use different passwords. “The guide should be: any site that matters needs its own password—one you don’t currently use for any other site, and that you have never used anywhere else.”
Solid advice learned the hard way. And now for the top 25 list (in case you were wondering):
By Lee Neel, Vice President of Marketing, The Fundraising Resource Group. For more information about The Fundraising Resource Group’s relational fundraising and marketing services, visit our website at http://www.thefundraisingresource.com/.