'Password1' Revealed to be Most Common (and Terrible) Password
"Use a strong, complex and difficult-to-guess password." Anyone with a computer has heard this countless times, and yet this simple piece of advice still, shockingly, manages to elude employees at some of the most prominent global businesses.
In fact, 80 percent of the more than 300 cybercrime incidents in 2011 examined by Trustwave in its 2012 Global Security Report were a result of poor administrative passwords.
Trustwave found that employees often choose passwords based on local sports teams, or create passwords based off the name of their company, both of which are poor choices.
In fact, "poor" doesn't accurately describe these terrible passwords.
In analyzing more than 2 million passwords used in corporate information systems, Trustwave found that the most common password used by global businesses is "Password1," simply because it satisfies the minimum character requirement in Microsoft's Active Directory.
Of the top 25 passwords used in corporate environments, the word "password," or a variation of it — "p@ssw0rd," "passwo0rd" — was found in 14 of them. Other vulnerable passwords included "welcome," "welcome1," "summer09," "winter10," "summer11" and "summer2011" — presumably the seasons these employees wished to be hacked.
"System logins require a username and a password," Trustwave explained, "and often these combinations are pitifully simple: administrator: password, guest: guest, and admin: admin were commonly found in our investigations."
Whether you're a corporate executive or just using the Web to check your fantasy stats and update your Facebook status, it's important to choose a strong password that can't be easily cracked, or deciphered by some simple snooping through your social media profile. Whichever one you end up with, make sure it does not include "password" in it, unless you really don't care about your online identity.