Helping you balance your online life

Jun 28th


Top 10 Passwords You Should Never Use

If you've chosen an easy-to-remember password, such as your username or even the word "password," you may want to think seriously about changing it. ASAP. Easily guessed passwords can compromise your personal identity, privacy and financial accounts.

stronger password protection
Researchers from the University of Maryland's A. James Clark School of Engineering in College Park have quantified how frequently unsecured computers are the victims of hacker attacks. Here's the shocking news: On average, an unsecured computer is infiltrated by a hacker every 39 seconds -- that's more than 2,000 times a day.

Hackers test out a string of common passwords and usernames to penetrate unsecured PCs. If you're currently utilizing your username as your password, note this: Fully 43 percent of all password-guessing attempts simply re-entered the username.

The top 10 most commonly used passwords:
1. Your username
2. Your username followed by 123
3. 123456
4. password
5. 1234
6. 12345
7. passwd
8. 123
9. test
10. 1

On TV and in film, hackers have been portrayed as people with grudges who target specific institutions and manually try to break into their computers. In reality, study leader Michel Cukier says, "Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities. Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day."

The team set up weak security on four Linux computers with Internet access, then recorded what happened as the individual machines were attacked. They discovered the vast majority of attacks came from relatively unsophisticated hackers using "dictionary scripts," a type of software that runs through lists of common usernames and passwords attempting to break into a computer.

The top 10 most common usernames:
1. root
2. admin
3. test
4. guest
5. info
6. adm
7. mysql
8. user
9. administrator
10. oracle

What do hackers do once they gain access to your computer?
The most common sequence of actions goes like this:
1. Check the accessed computer's software configuration.
2. Change the password.
3. Check the hardware and/or software configuration again.
4. Download a file.
5. Install the downloaded program.
6. Run the downloaded program.

What are the hackers trying to accomplish?
"The scripts return a list of 'most likely prospect' computers to the hacker, who then attempts to access and compromise as many as possible," Cukier says. "Often they set up 'back doors' -- undetected entrances into the computer that they control -- so they can create 'botnets,' for profit or disreputable purposes."

A botnet is a collection of compromised computers that are controlled by autonomous software robots answering to a hacker, who manipulates the computers remotely. Botnets can act to perpetrate fraud or identity theft, disrupt other networks or damage computer files, among other things.

First published March 10, 2010. Updated July 15, 2012.