Jun 25 2012

LinkedIn Hack Reveals More Bad User Passwords

The basics of smart password security can’t be repeated enough.

Easy to hack user passwords

Oops! They did it again. Hackers hacked into a social media network and spilled all of the users’ login credentials like milk from a cereal bowl.

LinkedIn was the unfortunate victim of a security breach earlier this month, and although the social network for professionals was quick to respond to the incident, which saw 6.5 million user credentials exposed, it revealed the danger users expose themselves to by creating insecure passwords.

The worst passwords of 2011 should’ve made this point clear already, but here we are again, with another set of predictable, obvious passwords.

MSNBC.com compiled the 30 worst passwords from a sampling of the hacked logins. Here they are:

Ranking Password Phrase Number of Times Appeared
1 link 941
2 1234 435
3 work 294
4 god 214
5 job 205
6 12345 179
7 angel 176
8 :the 143
9 ilove 133
10 sex 119
11 jesus 95
12 connect 91
13 Fu** 85
14 monkey 78
15 123456 76
16 master 72
17 B***h 65
18 D**k 60
19 michael 52
20 jordan 48
21 dragon 46
22 soccer 45
23 Killer 32
24 654321 32
25 pepper 31
26 Devil 30
27 princess 29
28 1234567 28
29 iloveyou 26
30 career 26

Surprisingly, “password” didn’t make the list this time. “Career” for a career-oriented web site, however, is a cringeworthy selection.

So what makes a strong password? Bob Sullivan of MSNBC offers this tidbit:

[T]hink of a sentence that you can remember, and take the first letter of every word in the sentence as your password. For example: My daughter Julie was born on November 1 would yield a password of "MdJwboN1." Throw in an exclamation point at the end to show your love for your daughter, and you have a pretty strong, unique password.

It also doesn’t hurt to change your password regularly. If you’ve been using the same password for the past five years, it might be time to make a switch.