background preloader

Why Social Engineering Should Be Your Biggest Security Concern

Why Social Engineering Should Be Your Biggest Security Concern

What's My Pass? » The Top 500 Worst Passwords of All Time From the moment people started using passwords, it didn’t take long to realize how many people picked the very same passwords over and over. Even the way people misspell words is consistent. In fact, people are so predictable that most hackers make use of lists of common passwords just like these. To give you some insight into how predictable humans are, the following is a list of the 500 most common passwords. There are some interesting passwords on this list that show how people try to be clever, but even human cleverness is predictable. “…Approximately one out of every nine people uses at least one password on the list shown in Table 9.1! Lists the top 500 worst passwords of all time, not considering character case. Source: Perfect Passwords, Mark Burnett 2005

10,000 Top Passwords Back when I wrote Perfect Passwords, I generated a list of the top 500 worst (aka most common) passwords which seems to have propagated quite a bit across the internet, including being mentioned on Gizomodo, Boing Boing, Symantec, Laughing Squid and many other sites. Since then I have collected a large number of new passwords bringing my current list to about 6,000,000 unique username/password combos, including many of those that have been recently made public*. At some point I will make this full data set publicly available but in the meantime, I have decided to release the following list of the top 10,000 most common passwords. This list is ranked by counting how many different usernames appear on my list with the same password. Note that for this list, I do not take capitalization into consideration when matching passwords so this list has been converted to all lowercase letters. Here are the files: 10,000 Most Common Passwords List10,000 Most Common Passwords with Frequency

forwarding email, themes, Why passwords have never been weaker—and crackers have never been stronger In late 2010, Sean Brooks received three e-mails over a span of 30 hours warning that his accounts on LinkedIn, Battle.net, and other popular websites were at risk. He was tempted to dismiss them as hoaxes—until he noticed they included specifics that weren't typical of mass-produced phishing scams. The e-mails said that his login credentials for various Gawker websites had been exposed by hackers who rooted the sites' servers, then bragged about it online; if Brooks used the same e-mail and password for other accounts, they would be compromised too. The warnings Brooks and millions of other people received that December weren't fabrications. Within hours of anonymous hackers penetrating Gawker servers and exposing cryptographically protected passwords for 1.3 million of its users, botnets were cracking the passwords and using them to commandeer Twitter accounts and send spam. Newer hardware and modern techniques have also helped to contribute to the rise in password cracking.

How Apple and Amazon Security Flaws Led to My Epic Hacking | Gadget Lab In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. In many ways, this was all my fault. Had I been regularly backing up the data on my MacBook, I wouldn’t have had to worry about losing more than a year’s worth of photos, covering the entire lifespan of my daughter, or documents and e-mails that I had stored in no other location. Those security lapses are my fault, and I deeply, deeply regret them. But what happened to me exposes vital security flaws in several customer service systems, most notably Apple’s and Amazon’s. This isn’t just my problem. ‬The very four digits that Amazon considers unimportant enough to display in the clear on the Web are precisely the same ones that Apple considers secure enough to perform identity verification.‪ I realized something was wrong at about 5 p.m. on Friday. Lulz. “Wait. “Mr.

Related: