Bad password - is it you?
According to the stats, around 3 people reading this email use the password “password”.
People are predictable
There’s a list that comes out every year of the worst passwords – it’s collated by security experts and the data is pretty incredible.
Aside from the fact that almost 5% of all the passwords on the planet are “password”, 91% of people use a password from the top 1,000 passwords.
Think about that!
If you run a WordPress site and you still have an admin account on there, all I have to do is go to http://yoursite.com/wp-login.php, put admin in the login box and then run a small script that cycles through the top 1,000 passwords; 91% of the time I will gain access.
Once I’m in I can probably gain access to your email, then I have your data, your bank account, your life.
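One way to spot the guessing run described above in your own web server access log, as an added example that is not part of the original email: it assumes combined-format log lines in time order and WordPress's default behaviour of answering a failed login with a 200 and a successful one with a 302 redirect. The window, threshold, function names and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined/common log format: client IP, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 10                  # assumed failed logins per window before flagging

def find_login_guessing(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: {"failures": n, "success_after": bool}} for noisy clients."""
    recent = defaultdict(list)  # ip -> failed-login timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # skip malformed or unrelated lines
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if status == "200":     # login form re-rendered: the attempt failed
            recent[ip] = [t for t in recent[ip] if when - t <= window] + [when]
            if len(recent[ip]) >= threshold:
                entry = flagged.setdefault(ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(recent[ip]))
        elif status == "302" and ip in flagged:
            flagged[ip]["success_after"] = True  # redirect after a burst: a guess worked
    return flagged

def constructed_sample():
    """Constructed lines: one normal login, then 12 failures and a success."""
    fmt = ('{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 512 "-" "-"')
    lines = [fmt.format(ip="198.51.100.20", m=0, s=1, st=302)]
    lines += [fmt.format(ip="203.0.113.7", m=1, s=i, st=200) for i in range(12)]
    lines.append(fmt.format(ip="203.0.113.7", m=1, s=30, st=302))
    return lines

if __name__ == "__main__":
    for ip, info in find_login_guessing(constructed_sample()).items():
        print(ip, info)
```

An address flagged with `success_after` set is the case to treat as a compromised account: reset that password and review what the session did.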
What you should do
If your password (for any system) is in the top 25 pasted below, stop reading and go and change it.
Then, when you have a moment, go check out the top 500 passwords – if your password is in there, go change it.
What to change it to?
Current thinking recommends the use of passphrases rather than passwords, so instead of password, how about this_is_my_password? It’s longer (good), involves non-alpha characters (good), and is pretty memorable.
To be safe you should add a few numbers and maybe misspell a few words but of course, that makes it less memorable!
I’ll leave you with an XKCD comic – click the link.
Oh, and if you’d like a security review and hardening applied to your site, reply to this email and book a session.
Top 25 most common passwords