Are you still using an easy-to-hack password?

Imperva has compiled a list of vulnerable Internet passwords. "123456" tops the list.

What's your password?

When it comes to creating passwords for social networks or e-commerce programs, most Web users have gotten lazy. That's the (not particularly shocking) news this week from Web security firm Imperva, which examined data uncovered in a recent breach of a site called

According to Imperva, 32 million passwords were exposed in the hack of RockYou, a company that develops apps for sites such as Facebook and MySpace. Of those 32 million passwords, there were a dismaying amount of repeaters.

The most commonly used password? "123456." Here's the rest of the list, courtesy of Imperva:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

According to Imperva, approximately 50 percent of passwords are made up of consecutive digits, adjacent keyboard keys, proper names, and slang terms. Weak or easily-guessable passwords are particularly vulnerable to attack from hackers, who can use what's known as a "brute force" attack to break into your machine.

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second – or 1000 accounts every 17 minutes," Imperva's CTO Amichai Shulman said in a statement.

So what can you do to strengthen your password? Well, for one, never duplicate your user name in the password field. Steer clear of consecutive numbers. You can use a proper name, but don't use your own. Try mixing numbers and letters. Never, ever use the word "Password" in the password field. (Come on, people!)

Also, try varying the passwords you use on various sites. Many folks have a one-size-fits-all password – a phrase they use to log into Facebook, MySpace, Twitter, etc. There are benefits to this strategy, obviously – you'll never forget a password if it's the same password you use for every site. But it's certainly not secure.


Got a security tip? Share it in the comments section, or on Twitter. We're @CSMHorizonsBlog.

of stories this month > Get unlimited stories
You've read  of  free articles. Subscribe to continue.

Unlimited digital access $11/month.

Get unlimited Monitor journalism.