A new piece of research on passwords has taken a fresh approach to revealing the ones you should steer well clear of if you’ve got an ounce of sense.
Instead of the usual highlighting of the most popular passwords picked by users, and laughing at how dumb they are, the report from Rapid7 points out the passwords which hackers out there are actively trying, and using in attempts to break into any systems and computers they stumble across.
In other words, these are the passwords the hackers believe they have the most chance of success with in their constant probing for potential victims. And hence, these passwords – which Rapid7 discovered by using a collection of honeypots (bait for the hackers) across the globe – are definitely ones you should avoid for your own machines.
As the Telegraph reports, the Rapid7 findings compile the expected top 10 list, and ‘password’ isn’t actually on it – although ‘P@ssw0rd’ is, and comes in at number five.
Top of the list, though, is the unbelievably insecure ‘x’, followed by ‘Zz’ and then ‘St@rt123’. The simple number ‘1’ is another to avoid at number four, followed by ‘P@ssw0rd’ as previously mentioned, then ‘bl4ck4ndwhite’ followed by the old classic ‘admin’.
Rounding the top 10 off we have ‘alex’, ‘…….’ and ‘administrator’.
The latter, unsurprisingly, also features heavily on the list of the most commonly guessed usernames. Top of the tree here is ‘administrator’ followed by ‘Administrator’, ‘user1’ and then ‘admin’.
So if your username is ‘administrator’ or ‘admin’ and password ‘x’, then you might want to have a little rethink on those.
Rapid7 has been maintaining its honeypots since last April, and in that time has seen an average of around 660 login attempts per day. The company also grabbed the IP addresses of those logins, and the majority came from China – 40% of all attempts in fact.
The US was the other major source on 25%, with South Korea a long way behind in third place, tallying just 6%. In other words, two-thirds of all this probing for weak spots came from China and the States. The UK was in sixth position on 1.8%.
Any passwords you use, particularly in the business world, should be suitably strong and preferably backed up with two-factor authentication. Of course, biometrics are now becoming increasingly popular in the quest for better security, and even things like behavioural biometrics (as opposed to ‘static’ biometrics like fingerprint sensors) are set to take root down the line.