2. Open Sesame!
Ah, passwords. Humans have been using them to safeguard secret information since ancient times. From
protecting critical missions to guarding hidden treasure, there’s something magical about a password’s
ability to lock out intruders and open secret doors.
Today, modern man is still using passwords to safeguard information and protect treasures locked away in
various online accounts. To unlock our top 10 password facts, read on, no password required.
3. The Birth of the Modern Password
Quick, in what decade was the first-ever computer password used? Here are a couple of security-related
hints: it’s the same decade in which the Berlin Wall was built, and the one and only successful
escape from Alcatraz occurred. If you guessed the sixties, you are correct. According to legend, MIT’s
CTSS computer and IBM’s Sabre ticketing system were built in the early sixties, and they were the first
computers ever to require passwords.
Fun Facts: Top 10 Literary, Movie & TV passwords
Swordfish — from the movie Horse Feathers (and other Marx Brothers’ movies)
zxcvb — from the movie Hackers
Caput Draconis — from the book Harry Potter and the Philosopher’s Stone
Z1ON0101 — from the movie Matrix Reloaded
Alligator — from the TV show Scrubs
Peek-a-boo — from the TV show Babylon 5
12345 — from the movie Spaceballs
Joshua — from the movie War Games
Open, Sesame! — from the book One Thousand and One Nights
Valley Forge — from the movie National Treasure
Source: http://www.streetwise-security-zone.com/members/streetwise/blog/VIEW/00000016/00000145/
Source: http://www.wired.com/wiredenterprise/2012/01/computer-password/
4. What’s the Password?
The 2013 Adobe security breach is a cyber-crime that brought a lot of shock and awe. Initially, Adobe
reported 3 million customer accounts and passwords had been hacked, but that number has since grown
to over 152 million. Perhaps the most shocking revelation from the Adobe event is not how many accounts
got hacked, but how many accounts used passwords so bad a trained monkey could hack them.
FACTS:
Adobe’s Most Popular Passwords — That No One Should Ever Use:
123456: used by nearly 2,000,000 accounts
123456789: used by 446,162 accounts
password: used by 345,843 accounts
adobe123: used by 211,659 accounts
12345678: used by 201,580 accounts
Source: http://www.zdnet.com/just-how-bad-are-the-top-100-passwords-from-the-adobe-hack-hint-think-really-really-bad-7000022782/
Bonus: Top 5 Runners-Up for Worst Adobe Passwords Include: qwerty; 1234567; 111111; photoshop
and 123123.
5. What’s Your Password Worth?
Possibly 20 Years in Prison.
Whoever said, ‘crime doesn’t pay’ must not have attended the $75,000 birthday party of one of America’s
most notorious hackers, Albert Gonzalez, who also once complained of having to hand-count $340,000.
Gonzalez led the crime ring Shadowcrew; he and his team specialized in stealing credit card and ATM
numbers, e-mail accounts, usernames, passwords and other personal information, and re-selling them
to fellow cyber criminals. Luckily, the feds caught up with Albert and repaid him for his crimes with the
longest sentence ever given to a hacker, 20 years.
So how do you avoid being that company who missed its calling? You track every call that’s made like
you’re a government agent, only less creepy and more helpful.
FACTS:
Longest Sentences for Hacking
1. Albert Gonzalez — 20 years
2. Max Ray Vision — 13 years
3. Brian Salcedo – 9 years
4. Kevin Mitnick — 5 years
Source: http://en.wikipedia.org/wiki/List_of_computer_criminals
6. What’s Your Number?
According to a recent password survey, if you’re anything like the average American you have at least 5
passwords you are currently using to access everything from devices and apps to corporate networks.
Chances are that number will rise as you age, or if you move to Norway where the average person
maintains a whopping 25 passwords — 17 for personal use and 8 for work-related endeavors.
FACTS:
Password Hoarding in America
Share of adults who have 5 or more, 10 or more, or 21 or more online passwords (infographic; percentages shown: 79%, 58%, 89% of adults)
6: average number of passwords used by people ages 18-34
8: average number of passwords used by people age 35 and up
Source: http://janrain.com/about/newsroom/press-releases/online-americans-fatigued-by-password-overload-janrain-study-finds/
Source: http://passwordresearch.com/stats/statistic305.html
7. Go Long! (As In Over 13 Characters)
It used to be that 8-character passwords with upper and lowercase letters and symbols were a safe bet
against a hack-attack. As with all things in the realm of technology, password-cracking programs have
become faster, and some boast the ability to make 350 billion guesses per second, which means they
can crack an 8-character password in seconds. To protect yourself, experts now recommend passwords
contain at least 13 to 20 characters and not include names, words, or common phrases found in the
dictionary.
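How length and character set drive exhaustive-search time at the 350 billion guesses per second quoted above, as an added example that is not part of the original ebook. The sample passwords are constructed, and the 95-symbol printable-ASCII alphabet is an assumption.

```python
import string

GUESSES_PER_SECOND = 350e9  # cracking rate quoted in the text above

# Printable-ASCII character classes and their sizes (95 symbols in total).
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]

def alphabet_size(password):
    """Symbols an attacker must cover, given the classes the password uses."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))

def worst_case_seconds(length, alphabet, rate=GUESSES_PER_SECOND):
    """Seconds to try every string of exactly `length` symbols."""
    return alphabet ** length / rate

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 365.25 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.1f} seconds"

def estimate(password):
    """Worst-case exhaustive-search time for one password, in seconds."""
    return worst_case_seconds(len(password), alphabet_size(password))

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any breach.
    for pw in ("abcdefgh", "Abcdefgh", "Abcd123!",
               "Abcd123!wxyz#", "Abcd123!wxyz#Qrst456"):
        print(f"{len(pw):>2} chars, alphabet {alphabet_size(pw):>2}: "
              f"{humanize(estimate(pw))}")
```

These figures are upper bounds for blind exhaustive search only; a password built from names or dictionary words falls to wordlist guessing far sooner, which is why the advice above excludes them.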
FUN PAGE:
Password Humor
During a company IT audit, it was discovered that an employee was using the following password:
“MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento”
When asked why, the employee replied, “Duh, it has to be at least 8 characters and include one capital.”
Source: http://arstechnica.com/security/2012/12/25-gpu-cluster-cracks-every-standard-windows-password-in-6-hours/
Source: http://community.spiceworks.com/topic/395355-longest-password-ever
8. Your Mind May Not Know the Password, But Your Muscles Do.
MythBusters TV hosts, Adam Savage and Jamie Hyneman, featured a new password theory that may
help 007-types not give up passwords when tortured. The theory, developed by Stanford grad student
Hristo Bojinov, states you don’t have to consciously know a password to use it if you store it in your implicit
memory, which is where you house things your muscles memorize and perform on a subconscious level.
To prove his theory, Bojinov created 30-character password sequences that he taught to a group of
subjects via a game of Guitar Hero. Subjects pressed the keys repetitively, teaching their fingers a very
long password they could never consciously recall. Several weeks later, players were retested and their
fingers were able to recall the sequences. High fives for secret agent Phalanges and his clever companion,
Double-Thumbs.
75% of Americans have been the victim of online crimes due to their accounts being hacked
600,000 Facebook accounts are hacked every day
90% of businesses have been hacked in the last year
92% of the top 100 paid iOS apps have been hacked
100% of the top 100 paid Android apps have been hacked
75% of people use the same password for multiple accounts
Source: http://www.tested.com/tech/concepts/458873-storing-passwords-procedural-memory/
Source: http://www.clubcloudcomputing.com/2013/01/infographic-on-hacking-statistics/
9. True Love = A Password Shout-Out.
For one out of every six people, the easiest way to remember a password is to include the name of the
one who is nearest and dearest to their hearts, their best friend, their confidant…their pet. Of course, pets
aren’t the only ones whose names we long to type every time we log in. Over 33% of women use the name
of their boyfriend, husband or partner in their passwords, while only 5% of men mention their girlfriend,
wife or partner in their passwords. Apparently, men are sticking with the man’s best friend option.
Fun Facts: Top 10 Most Popular Password Types
1. Pet’s name
2. A significant date (i.e. wedding anniversary)
3. Relative’s birthday
4. Child’s name
5. Family member’s name
6. Birthplace
7. Favorite holiday
8. Favorite football team
9. Current partner’s name
10. The word ‘password’
Source: http://grahamcluley.com/2013/08/pet-name-passwords/
Source: http://www.freeauth.org/passwords
10. Kicking Hacker’s Top 5 Nasty Habits
Sure, hackers might have some amazing computer skills that border on evil genius, but like most people, if
they find something simple that works, they use it over, and over, and over again. Here are the top 5 lazy
ways most hackers get what they want:
1. Server Hacking — Hackers seek servers that store passwords in plaintext because it’s a quick way
to get access to a lot of accounts (Yahoo lost 450,000 usernames and passwords to this method).
2. Hijacking — Hackers intercept communications between two machines (e.g. a server and a client,
two clients, a router and a client, etc.).
3. Trojan — Hackers offer a downloadable freebie online or via email that has malware attached.
4. Social Engineering — Hackers send emails and other notifications while posing as a legitimate site
(aka phishing) or call tech support while posing as someone else and reset account passwords.
5. Brute Force — Hackers use password-cracking programs to make a large number of rapid
intelligent username/password guesses.
Source: http://www.magicwebsolutions.co.uk/The+Password+Facts+that+Hackers+Dont+Want+you+to+Know
11. FACTS:
Hackers wear many hats. Below are a few of the most popular types:
WHITE HAT: hacker who breaks security for non-malicious reasons, i.e. to test a personal
security system or perform penetration tests, vulnerability assessments, and
more for a security company.
BLACK HAT: hacker who violates computer security for malicious reasons or personal
gain. They break into secure networks to destroy data or make the network
unusable for authorized users.
GREY HAT: hacker who breaks into computer systems for the sole purpose of notifying
the administrator that their system has a security issue. They may offer to
correct the issue for a fee.
BLUE HAT: hacker outside a computer security consulting firm hired to bug test systems
prior to launch.
Source: http://en.wikipedia.org/wiki/Hacker_(computer_security)
12. Sometimes It’s NOT Good to Share.
Yes, we know your kindergarten teacher taught you that it’s nice to share, but she was woefully wrong,
especially when it comes to your password. Frighteningly, it seems most people are content to share their
passwords willy-nilly, including National Security Agency (NSA) employees. In fact, do you know how
Edward Snowden (a former NSA contractor who leaked classified information to the media) obtained the
usernames and passwords for approximately 25 NSA employees? He simply told people he needed them to
do his job as a system administrator.
30% of teens have shared a password with a friend or partner
48% of people have shared a password with someone else
Women are more likely to share their passwords than men
Girls are twice as likely to share passwords as boys
Source: http://grahamcluley.com/2013/08/pet-name-passwords/
13. Who’s Got the Toughest Password?
A password study at Carnegie Mellon University (CMU) discovered a disturbing trend for companies
looking to hire business school graduates — they consistently create the weakest passwords. Not
surprisingly, people associated with CMU’s computer science and technology school chose the strongest
passwords. In short, given the same number of attempts, an experienced offline hacker could gain 124
business school passwords for every 68 computer science school passwords.
FACTS:
Password Weakness at CMU (From Weakest to Strongest)
Weakest to strongest: Business, Policy, Arts, Humanities, Engineering, Science, Computer Science
Source: http://grahamcluley.com/2013/08/pet-name-passwords/
14. CloudEntr — Keeping Passwords Safe, Secure and Simple
We hope you have enjoyed our eBook, “Top 10 Fascinating Facts About Passwords.” At CloudEntr, we
believe the best password technology is unbelievably easy for employees to adopt, and yet exceptionally
secure. To learn more about us, download more ebooks, or register for a free trial, please visit
CloudEntr.com/latest-resources.