10 common passwords revealed

People choose unsecure passwords, research reveals

23 January 2010

An analysis of over 32 million passwords used by members of the social networking site Rockyou.com has revealed many people use common, unsecure words and phrases to protect their accounts.

Imperva, the data security firm, has revealed the 10 passwords most commonly used by site members after studying the account information that was stolen from Rockyou.com in December.

Imperva’s Application Defence Centre (ADC) also analysed the strength of the passwords, to help consumers and website administrators identify the words and phrases they should avoid when setting up security details on social networking or e-commerce websites.

‘Default’ passwords

According to Imperva’s research, the 10 passwords most commonly chosen by Rockyou.com users were:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123.

According to the study, the shortness and simplicity of commonly chosen ‘default’ passwords like these make their users susceptible to cyber attacks known as ‘brute force attacks’. These are password-guessing attacks in which simple combinations of characters are repeatedly tested until the correct one is found.

In its analysis of Rockyou.com’s database, Imperva found that nearly 50% of users used names, slang words, dictionary words or trivial passwords such as consecutive digits and adjacent keyboard keys to protect their accounts. All of these passwords are classed as ‘weak’ and inadequately secure.
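A signup-time check for the weak classes the study names (the listed top 10, consecutive characters, adjacent keyboard keys, names and dictionary words), shown as an added example that is not from the article or from Imperva. The function names, the three-character minimum and the small word list are assumptions; the word list is a constructed sample.

```python
# Added example: classify a candidate password against the weak classes
# named in the article. Thresholds and the word list are assumptions.

# The ten passwords listed in the article, lowercased for comparison.
TOP_10 = {"123456", "12345", "123456789", "password", "iloveyou",
          "princess", "rockyou", "1234567", "12345678", "abc123"}

# Constructed stand-in for a real names/dictionary word list.
SAMPLE_WORDS = {"monkey", "dragon", "jessica", "football", "sunshine"}

KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def is_sequence(pw: str) -> bool:
    """True if each character is exactly one code point above (or below) the last."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})


def is_keyboard_run(pw: str) -> bool:
    """True if the whole password is a run along one keyboard row, either direction."""
    if len(pw) < 3:
        return False
    return any(pw in row or pw[::-1] in row for row in KEYBOARD_ROWS)


def weak_reasons(password: str, words=SAMPLE_WORDS) -> list[str]:
    """Return the weak classes a password falls into; an empty list means no match."""
    pw = password.lower()
    reasons = []
    if pw in TOP_10:
        reasons.append("top-10 list")
    if is_sequence(pw):
        reasons.append("consecutive characters")
    if is_keyboard_run(pw):
        reasons.append("adjacent keyboard keys")
    # Strip trailing digits so "monkey1" is still caught as a dictionary word.
    if pw.rstrip("0123456789") in words:
        reasons.append("name or dictionary word")
    return reasons
```

An empty result only means none of these classes matched; a production check would load a full breached-password list in place of the sample set.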

Protect your identity online

Which? Money editor James Daley commented: ‘While in this example it’s a social networking site that was compromised by hackers, many of us now transact financially online. With credit and debit card fraud on the up, it’s important that we all keep our personal details safe in cyberspace.

‘When setting up any kind of online profile or account, make sure you are mindful of the need for security and ensure you use a password that won’t be easy to crack.’

For more information, read the Which? guides to and how to beat identity fraud. The Which? guide to protecting your online identity contains easy-to-follow advice on creating strong, secure passwords.
