Ask anyone who’s wary of shopping online what their main hang-up is about it and odds are they’ll tell you it is security. Many people just don’t feel safe putting their financial and private information out onto the web when making purchases, and it’s a credible concern. Central to the issue of web security is the use of strong, unique passwords for the various sites that individuals visit.
We ran a blog post over a year ago that covered the 10 Commandments of Safe Online Shopping, and right there in the middle you’ll see one “commandment” on creating online passwords that are unique and difficult to steal. Sadly, it appears many web users still aren’t heeding the advice, according to a report by database security vendor Imperva Inc.
Imperva recently analyzed more than 32 million passwords that had been exposed in a database intrusion at RockYou, Inc., the developer of a handful of popular Facebook applications. The passwords, belonging to RockYou’s registered users, were stored in the company database in clear text rather than as salted hashes, which is why a single intrusion exposed every one of them; they were eventually posted to the web by the hacker who found them.
Imperva took that list and analyzed it, looking for trends in what might be one of the largest pools of data ever used to study online passwords. The findings suggest that people, for lack of a better phrase, are pretty lazy about their online passwords.
Among those 32 million passwords, Imperva reports that about 30% were six characters or fewer, while nearly 60% were built from a limited set of alphanumeric characters. Nearly half of the samples used easily guessable names, common slang words, adjacent keyboard keys or consecutive digits as their passwords. In fact, the most common password among RockYou users was “123456,” followed by “12345” and “123456789.” The other passwords rounding out the top five were “password” and “iloveyou.”
Additionally, many of the top 5,000 passwords in the list were identical to entries in password dictionaries, the wordlists that attackers feed to automated guessing tools to force their way into accounts, said Amichai Shulman, chief technology officer at Imperva. On average, an attacker using such a dictionary with an automated password-guessing tool would have been able to break into RockYou accounts at a rate of roughly one per second, he said.
Imperva’s report is not the first of its kind, but the sheer size of the sample is what makes it so relevant. And while a RockYou login is what is known as a low-value account, previous studies on the subject overwhelmingly show that individuals tend to use the same password for multiple accounts, including those for online banking, finance and, of course, shopping. A password leaked from a throwaway account is therefore a password an attacker can try against every other site you use.
What can you take away from all of this? For starters, recognize that cyber criminals are resourceful and competent, and if you leave yourself open to an attack, it’s only a matter of time before one happens. While shopping online is generally not an unsafe venture, you should still do everything possible to protect your identity and sensitive information across all of your internet activities.
You must be diligent with your online passwords. Do not use the same password across different sites; doing so makes it that much easier for a hacker who obtains one of them to get into the rest. Experts recommend changing your passwords periodically, as in every 6 months or so, and keeping an offline list of all of them so you can keep track. (More recent guidance, such as NIST SP 800-63B, drops scheduled rotation in favor of changing a password as soon as you suspect it has been exposed; the rest of the advice stands.) Don’t use pet names, birthdays or even nicknames, as they’re generally the first things an attacker guesses.
Instead, use longer passwords (the more characters, the harder they are to crack) that mix letters with digits and symbols. Adding a capital letter or two to a lengthy password is advisable, as is building passwords from obscure word variations or from made-up words altogether. That’s right, just invent words of your own and you lessen the likelihood that the password appears in anyone’s dictionary. Always assume that there is someone, somewhere tracking your online activities and possibly probing your security measures. In this case, paranoia is definitely in your best interests!
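To make the statistics above and the advice that follows concrete, here is an added Python example (written for this post, not Imperva’s tooling or any code from the report) that tags each password in a list with the weakness categories Imperva counted (six characters or fewer, a limited alphanumeric character set, a dictionary word or name, adjacent keyboard keys, consecutive digits), reports what fraction of the list each category hits, and then checks which passwords would satisfy the guidance given in this post. The sample password list, the tiny stand-in dictionary and the 12-character minimum are assumptions of this example; the post itself gives no specific length.

```python
"""Audit a password list the way Imperva categorized the leaked RockYou data.

Everything here is illustrative: the sample list is constructed (it is not
leaked data), the dictionary is a handful of words standing in for the
million-entry wordlists real cracking tools use, and the 12-character
minimum in meets_guidance() is an assumption, not a figure from the post.
"""
import string
from collections import Counter

# Constructed sample standing in for a leaked list. Duplicates are deliberate,
# so that "most common password" means something.
SAMPLE_PASSWORDS = [
    "123456", "12345", "123456789", "password", "iloveyou", "qwerty",
    "nicole", "abc123", "summer2009", "Tr0ub4dor&3", "xK9!vQ2#pL7m",
    "Password1", "123456", "password", "123456",
]

# Tiny stand-in for a cracking dictionary (names, slang, common words).
DICTIONARY = {
    "password", "iloveyou", "princess", "monkey", "letmein", "welcome",
    "summer", "nicole", "daniel", "jessica", "michael",
}

# Letter rows of a QWERTY keyboard; digit runs are handled separately.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]

# "Limited set of alphanumeric characters": lowercase letters and digits only.
LIMITED_CHARSET = set(string.ascii_lowercase + string.digits)


def is_keyboard_walk(pw: str, min_len: int = 4) -> bool:
    """True if the whole password is a run of adjacent keys on one row."""
    p = pw.lower()
    if len(p) < min_len:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def is_sequential_digits(pw: str) -> bool:
    """True for all-digit strings that step by +1 or -1 (123456, 654321)."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def is_dictionary_word(pw: str) -> bool:
    """Exact dictionary match, ignoring case and trailing digits, which
    catches the 'Password1' and 'summer2009' habit."""
    return pw.lower().rstrip(string.digits) in DICTIONARY


def weaknesses(pw: str) -> set:
    """Set of weakness tags for one password (empty set means none found)."""
    tags = set()
    if len(pw) <= 6:
        tags.add("short")
    if set(pw) <= LIMITED_CHARSET:
        tags.add("limited_charset")
    if is_dictionary_word(pw):
        tags.add("dictionary")
    if is_keyboard_walk(pw):
        tags.add("keyboard_walk")
    if is_sequential_digits(pw):
        tags.add("sequential_digits")
    return tags


def audit(passwords):
    """Fraction of the list hit by each weakness, plus the most common values."""
    counts = Counter()
    for pw in passwords:
        counts.update(weaknesses(pw))
    n = len(passwords)
    rates = {tag: counts[tag] / n for tag in counts}
    rates["any_weakness"] = sum(1 for pw in passwords if weaknesses(pw)) / n
    return rates, Counter(passwords).most_common(3)


def meets_guidance(pw: str, min_len: int = 12) -> bool:
    """The post's advice as a rule: long, letters mixed with digits or
    symbols, at least one capital, and not a dictionary word, key walk or
    digit run. min_len=12 is this example's assumption."""
    has_letter = any(c.isalpha() for c in pw)
    has_digit_or_symbol = any(c.isdigit() or c in string.punctuation for c in pw)
    has_upper = any(c.isupper() for c in pw)
    guessable = weaknesses(pw) & {"dictionary", "keyboard_walk", "sequential_digits"}
    return (len(pw) >= min_len and has_letter and has_digit_or_symbol
            and has_upper and not guessable)


if __name__ == "__main__":
    rates, top = audit(SAMPLE_PASSWORDS)
    for tag, rate in sorted(rates.items()):
        print(f"{tag:18s} {rate:5.1%}")
    print("most common:", top)
    print("meet guidance:", [pw for pw in SAMPLE_PASSWORDS if meets_guidance(pw)])
```

On the constructed sample, 13 of the 15 entries trip at least one check and only one password passes the guidance rule; running the same functions over a real leaked list gives the kind of percentages Imperva reported, and running `meets_guidance` at sign-up time is the cheapest way for a site to stop “123456” from ever landing in its database.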
Search for Imperva’s report to read the full findings, and leave us your suggestions, questions and comments below!