Guys, we don’t know what to say. In spite of our weekly — sometimes daily — exhortations to beef up your password security, your passwords are still awful.
Passwords exposed in data breaches | Credit: CBT Nuggets
Even if you’ve been clever enough to add a number or an upper-case letter somewhere, you’re still using short, common names and words as your building blocks, according to an analysis of more than 50,000 leaked email addresses and passwords. Luckily, there are steps you can take to mitigate your online risk — and one of them might be changing your email provider.
CBT Nuggets, an IT training organization based in Eugene, Oregon, analyzed email addresses and passwords exposed in various data breaches over the last few years. Not only are a great many passwords easily guessable, but your risk may actually increase depending on what your name is (bearing in mind what Mark Twain said about “lies, damned lies, and statistics”).
The lessons here are pretty much Internet Security 101, but they're extremely important.
Use a strong password that doesn’t contain your own name, or the name of someone close to you.
If your e-mail provider suffers a data breach, change your password right away.
CBT Nuggets also recommends using a password manager service like LastPass, which puts an extra layer of security between hackers and users.
First and foremost, CBT Nuggets compiled a list of the most common words used in passwords. “Love” topped the list by a wide margin (479 appearances among the 50,000), followed by “star,” “girl” and “angel.” “Mike” and “John” also made appearances — not terribly surprising, as Mike and John are some of the most common names in the English-speaking world.
Your name might seem like an incidental factor in a data breach, but CBT Nuggets found something interesting: a whopping 42 percent of victims used some variation of their own name in their passwords. This is even worse than using a pet’s name or friend’s name (also easily guessable), as names are often included in usernames or e-mail addresses. Women named Amy and Lisa were particularly prone to this bit of vanity, as well as men named Scott and Mark.
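A signup or password-change form can catch both patterns described above before the password is accepted. The sketch below is an added example, not code from CBT Nuggets or its study; the function names, the look-alike character map and the sample accounts are assumptions made for illustration, and the word list contains only the six words named in this article.

```python
import re

# Most common password words reported in this article.
COMMON_WORDS = {"love", "star", "girl", "angel", "mike", "john"}
# Constructed, partial map of look-alike substitutions (an assumption, not from the study).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_TOKEN = 3  # ignore very short fragments such as initials


def letters_only(text):
    """Lower-case the text and keep only a-z."""
    return re.sub(r"[^a-z]", "", text.lower())


def personal_tokens(email, full_name=""):
    """Name-like fragments readable from the address and display name."""
    local = email.split("@", 1)[0]
    parts = re.split(r"[^a-z]+", f"{local} {full_name}".lower())
    return {p for p in parts if len(p) >= MIN_TOKEN}


def weak_building_blocks(password, email, full_name=""):
    """Return, sorted, every guessable word found inside the password."""
    # Check the password both as typed and with look-alike characters undone,
    # so an added digit, symbol or capital letter does not hide the base word.
    forms = {letters_only(password), letters_only(password.lower().translate(LEET))}
    candidates = COMMON_WORDS | personal_tokens(email, full_name)
    return sorted(w for w in candidates if any(w in form for form in forms))


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    print(weak_building_blocks("Amy1985!", "amy.carter@example.com"))
    print(weak_building_blocks("L0ve2Scott", "sscott77@example.com", "Scott Reed"))
    print(weak_building_blocks("vT9#qzR2m!Xw", "lisa@example.com"))
```

An empty result only means none of these particular building blocks were found; it says nothing about whether the password has already been exposed in a breach.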
The bad news, of course, is that even having a strong password may not help in the event of a data breach; hackers can glean both secure and insecure passwords alike. However, some email providers are more prone to this sort of attack than others.
Forty-eight percent of the leaked passwords came from Yahoo email addresses, while 18 percent came from Hotmail, and 17 percent from Gmail. Interestingly, only 7 percent came from AOL. These numbers probably have more to do with how many users employ each email service than each domain’s security practices, so take them for what they’re worth.