Password Practice Revisited

A few months ago Randy and I put together a white paper on password "good practice" (http://www.eset.com/download/whitepapers/EsetWP-KeepingSecrets20090814.pdf). 

In it, I quoted the following table of The Ten Most-Used Passwords (sourced from http://www.whatsmypass.com):

Rank  Password
1     123456
2     password
3     12345678
4     1234
5     pussy
6     12345
7     dragon
8     qwerty
9     696969
10    mustang

Today, I came across an @SecurityGarden blog at http://securitygarden.blogspot.com/2009/11/passwords-and-user-names.html that quotes heavily from a report called Do and don'ts for p@$w0rd$ (http://blogs.technet.com/mmpc/archive/2009/11/27/do-and-don-ts-for-p-w0rd.aspx) from the Microsoft Malware Protection Center.

The blog (and report) covers some of the same ground, and includes Microsoft's list of the ten most used passwords for 2009 as compared to a list put together by PC Magazine in 2007. The similarities between the three lists are depressing.

The blog reiterates some good advice from the report, but also includes a useful link to Microsoft's password checker at http://www.microsoft.com/protect/yourself/password/checker.mspx. You might find it a useful tool for checking the strength of passwords you create when you've read one or more of these resources.

Of course, it's not an absolute guarantee of the strength or otherwise of a given password: for a start, it doesn't matter how strong your password is if you leave it in plain view on your desk….

(Tip of the hat to @securitygarden)

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

Also blogging at:
http://blog.isc2.org/
http://avien.net/blog
http://blogs.securiteam.com
http://dharley.wordpress.com/

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Author David Harley, ESET

29 Nov 2009