Adobe Hack Emphasizes Users Continued Use Of Useless Passwords

badpass

It seems that no matter how many warnings, despite all the advice, regardless of all the useful articles on the matter, computer users everywhere just can’t help themselves from creating really, really, crappy passwords.

After analyzing the list of users passwords made available online from the recent Adobe hack we’ve compiled a list of the top 20 easy to remember and equally easy to guess passwords with “123456” topping the list with 1,911,938 people using it.  That’s right, nearly 2 Million people use “123456” as their password.

As reported earlier the recent breach of Adobe’s network has dropped a list of nearly 150 Million User Name/Password pairs into the hands of online criminals.  Now the vast majority of those accounts are no longer used, Adobe reports that ‘only’ 38 Million accounts are those of active users, many of the emails are still valid and chances are the User Names and Passwords of inactive accounts are probably still active on other sites.  After all if someone uses 123456 as a password chances are they’re too lazy to come up with a different password elsewhere.

Now that the list of stolen accounts is showing up online security researchers are uncovering troves of Passwords despite Adobe assuring us they are encrypted.  Adobe kind of made it easy for us by using Symmetric key encryption over hashing, using ECB mode, and using the same key for every password.  All the same even if they had made it harder to un-encrypt the data many of the Users were kind enough to flat-out give us their passwords in the password hint which is included in the data.

Crap Passwords

Here’s the list of the top 20 passwords Adobe Users were using to protect their accounts.  This could also double as the top 20 list of truly useless passwords anyone could come up with.  Next to the password is the number of people on the list who used it.  If you’d like to see the top 100 easy passwords to crack that actual Adobe users were using check it out here.

  • 123456 - 1,911,938
  • 123456789 - 446,162
  • password - 345,834
  • adobe123 - 211,659
  • 12345678 - 201,580
  • qwerty - 130,832
  • 1234567 - 124,253
  • 111111 - 113,884
  • photoshop - 83,411
  • 123123 - 82,694
  • 1234567890 - 76,910
  • 000000 - 76,186
  • abc123 - 70,791
  • 1234 - 61,453
  • adobe1 - 56,744
  • macromedia - 54,651
  • azerty - 48,850
  • iloveyou - 47,142
  • aaaaaa - 44,281
  • 654321 - 43,670

Now if those are the passwords people think are securing their online accounts I can only wonder if they also keep a key to their house under the doormat and leave their cars running and unlocked outside the local welfare office while they go to lunch?

I mean if someone uses “123456” on one site chances are they do the same thing on all the other sites they have accounts with.  After all you’d only get confused if you started using different numbers at different sites, unless you keep all your passwords in a text file on your computer titled “Here are all my passwords”.  And if someone uses “adobe123” at one site it’s not a far stretch to guess they use “facebook123”, or “twitter123” or – well you get the picture.

Either way if you’re one of those who use super simple passwords everywhere because it’s super hard to remember passwords and we have so many of them then why not subscribe to our newsletter so you’ll be able to find some of the really easy ways we use to not only keep our passwords and online accounts secure but still be able to remember how to access them weeks and months after they are created.

Thoughts and Comments