In the past, password studies have focused mostly on surveys. Never before has there been such a high volume of real-world passwords to examine.

Key findings of the study include:
- The shortness and simplicity of passwords mean many users select credentials that leave them susceptible to basic forms of cyber attacks known as “brute force attacks.”
- Nearly 50% of users used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys, and so on). The most common password is “123456”.
- Recommendations for users and administrators for choosing strong passwords.
The report identifies the most commonly used passwords:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
For enterprises, password insecurity can have serious consequences. “Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy to crack passwords like ‘123456’,” said Shulman.
“The problem has changed very little over the past 20 years,” explained Shulman, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. “It’s time for everyone to take password security seriously; it’s an important first step in data security.”
The complete report is available here.
