What’s the most common password among the 32 million people who’s accounts were hacked at RockYou late last year? According to a study by Imperva (download here), it’s “123456,” followed by “12345,” “123456789” and “Password,” in that order. “iloveyou” came in at no. 5.
Only 0.2% of users had what would be considered a strong password of eight or more characters that contains a mixture of special characters, numbers and both lower and upper case letters, says the study.
The really depressing thing is that users tend to use the same passwords on all or most of their work and personal accounts. This is what caused the 2009 Twitter document hack. Once the hacker broke in to a single employee’s gmail account, he was running free and eventually got access to a lot of sensitive corporate information.
So if you want your password to be the stunningly simple “123456” on RockYou and other social sites, that’s fine. Just don’t use that same password for gmail, your bank and your work accounts.
Of course, it doesn’t really matter how awesome your password was with RockYou, since they stored it all in clear text and lost control of the data.