How strong is your password?

As a web developer, you’ve probably built a few login pages. But have you ever looked at the strength of the passwords that your users are signing up with? Bruce Schneier has. His page details an analysis of 34,000 actual passwords from MySpace.

The top 20 passwords are (in order): password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey.

And later, again unfortunately proving that I might have more in common with crypto-geek Bruce Schneier than my zoo-geek wife, he has this to say:

For those who don’t know, Blink 182 is a band. Presumably lots of people use the band’s name because it has numbers in its name, and therefore it seems like a good password. The band Slipknot doesn’t have any numbers in its name, which explains the 1. The password “jordan23” refers to basketball player Michael Jordan and his number. And, of course, “myspace” and “myspace1” are easy-to-remember passwords for a MySpace account. I don’t know what the deal is with monkeys.

I don’t get the monkey thing, either. Why does everyone love monkeys?

We’ve come a long way since that omgbestmovieevar movie came out 10 years ago:

The Plague: Our recent unknown intruder penetrated using the superuser account, giving him access to our whole system.
Margo: Precisely what you’re paid to prevent.
The Plague: Someone didn’t bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and …
Margo: [glares at The Plague]
The Plague: god. So, would your holiness care to change her password?

So … either people are getting smarter about their passwords, or at least they are getting trained to look like they are smarter. I guess that’s good, too.
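
The pattern in that list, a common word with a digit tacked on, sails through a typical "letters plus a number" signup rule. The sketch below is an added example, not code from the original post or from Schneier's analysis: `naive_policy`, `check_password`, the length thresholds and the `context` parameter are assumptions made for illustration, and the word list is the top 20 quoted above.

```python
import re

# Top 20 passwords exactly as listed in the post.
TOP20 = ("password1 abc123 myspace1 password blink182 qwerty1 fuckyou 123abc "
         "baseball1 football1 123456 soccer monkey1 liverpool1 princess1 "
         "jordan23 slipknot1 superman1 iloveyou1 monkey").split()

def base_word(pw):
    """Lowercase, then drop leading/trailing digits and symbols."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())

# "password1" -> "password", "jordan23" -> "jordan", "123456" -> "" (dropped)
DENY_BASES = {base_word(p) for p in TOP20} - {""}

def naive_policy(pw, min_len=7):
    """Hypothetical composition rule: long enough, a letter and a digit."""
    return (len(pw) >= min_len
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))

def check_password(pw, context=(), min_len=8):
    """Return None if acceptable, otherwise the reason for rejection.

    context: words an attacker would guess first for this account,
    such as the site name or the username (assumed parameter).
    """
    if len(pw) < min_len:
        return "too short"
    base = base_word(pw)
    if not base:
        return "digits and symbols only"
    if base in DENY_BASES:
        return "common word plus digits"
    if base in {base_word(w) for w in context}:
        return "site or user name plus digits"
    return None

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["password1", "Slipknot1", "12345678", "correct horse battery"]:
        print(f"{pw!r}: naive={naive_policy(pw)} hardened={check_password(pw)}")
```

Stripping the digits before the lookup is what catches "slipknot1" and "jordan23"; a plain exact-match denylist would miss every variant that is not itself on the list.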

