
Stolen password analysis reveals bookish trend

17 Jun 11

British magazine PC Pro took a look through the list of 62,000 email usernames and passwords stolen by LulzSec to see what they could learn about password behaviour. 

Results show a distinct trend towards the bookish, with several common genres and book-related words cropping up. A security expert believed this was because the passwords were leaked from a website for aspiring authors. 

"The next most common password, however, is 'romance', at 88 occurrences (tying with the rather more prosaic '102030'). After that, with 67 occurrences, is 'mystery'.

The theme continues: skipping over some more variations on the numeric theme, other popular passwords include 'shadow' (62), 'bookworm' (54), 'reader' (52), 'reading' (47), 'booklover' (33) and 'library' (26). It all points in a clear direction; and if you’re still doubtful, perhaps the smoking gun is the fact that 30 people have chosen 'writerspace' as their password."

The most commonly used password of all, though, was the predictable '123456', and the password 'password' came in at third most common.

Google has the following tips for making sure you pick a good password:

  • Be creative. Don't use words that can be found in a dictionary.

  • Use at least eight characters.

  • Don't use a password that you have used elsewhere.

  • Don't use keyboard patterns (asdf) or sequential numbers (1234).

  • Create an acronym. Don't use a common one, like NASA or SCUBA. Combine it with numbers and punctuation marks.

  • Include punctuation marks and numbers. Mix capital and lowercase letters.

  • Include similar looking substitutions, such as the number zero for the letter 'O' or $ for the letter 'S'.

  • Include phonetic replacements, such as 'Luv 2 Laf' for 'Love to Laugh.'

  • Don't make your password all numbers, all uppercase letters, or all lowercase letters.

  • Find ways of collecting random letters and numbers, such as opening books, looking at license plates or taking the third letter from the first ten words you see.

  • Don't use repeating characters (aa11).

  • Don't use a password that is listed as an example of how to pick a good password.
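As an added example, not code from the article or from PC Pro's analysis, the script below does on a small constructed list the two things the piece describes: the frequency count that surfaced '123456', 'romance' and 'mystery', and a check of each password against the Google rules above (dictionary words, keyboard patterns and sequential numbers, repeated characters, single character class, minimum length). The sample passwords and the tiny word list are constructed for the example and stand in for a real leaked dump and a real dictionary; the substitution table in `is_dictionary_word` reverses the common '0 for O' style swaps so they do not hide an ordinary word.

```python
import re
from collections import Counter

# Constructed sample in the spirit of the PC Pro analysis; not the leaked list.
SAMPLE_PASSWORDS = [
    "123456", "123456", "123456", "password", "password", "romance", "romance",
    "102030", "mystery", "bookworm", "Luv2Laf!", "asdfgh", "aa11bb", "R3ad!ngT1me",
    "library", "qwerty123", "xK9#pLm2", "ALLCAPS", "87654321",
]

# Constructed stand-in for a dictionary / common-password list.
COMMON_WORDS = {"password", "romance", "mystery", "bookworm", "reader",
                "reading", "booklover", "library", "shadow", "writerspace"}

KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# Reverse the usual look-alike substitutions (0->o, 1->l, 3->e, 4->a, $->s, @->a, !->i).
DESUBSTITUTE = str.maketrans("0134$@!", "oleasai")


def password_frequencies(passwords):
    """(password, count) pairs, most common first: the count PC Pro performed."""
    return Counter(passwords).most_common()


def has_sequence(pw, min_len=4):
    """True if pw contains min_len+ characters that are consecutive on a keyboard
    row, in the digits, or in the alphabet, forwards or backwards (asdf, 1234, 4321)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS + [ALPHABET]:
        for i in range(len(row) - min_len + 1):
            chunk = row[i:i + min_len]
            if chunk in low or chunk[::-1] in low:
                return True
    return False


def has_repeats(pw):
    """True for an immediately repeated character such as 'aa' or '11'."""
    return re.search(r"(.)\1", pw) is not None


def is_single_class(pw):
    """All digits, all uppercase letters, or all lowercase letters."""
    return pw.isdigit() or (pw.isalpha() and (pw.isupper() or pw.islower()))


def is_dictionary_word(pw, words=COMMON_WORDS):
    """True if pw, after undoing look-alike substitutions and dropping
    non-letters, is a word in the list (so 'P@ssw0rd' is still caught)."""
    normalised = re.sub(r"[^a-z]", "", pw.lower().translate(DESUBSTITUTE))
    return normalised in words


def weaknesses(pw, words=COMMON_WORDS):
    """List the rules from the tips above that pw breaks; empty means none."""
    problems = []
    if len(pw) < 8:
        problems.append("too short")
    if is_dictionary_word(pw, words):
        problems.append("dictionary word")
    if has_sequence(pw):
        problems.append("sequence")
    if has_repeats(pw):
        problems.append("repeated characters")
    if is_single_class(pw):
        problems.append("single character class")
    return problems


def weak_count(passwords):
    """How many passwords in the list break at least one rule."""
    return sum(1 for pw in passwords if weaknesses(pw))


if __name__ == "__main__":
    for pw, n in password_frequencies(SAMPLE_PASSWORDS)[:5]:
        print(f"{n:3d}  {pw}")
    for pw in SAMPLE_PASSWORDS:
        print(f"{pw:14s} {', '.join(weaknesses(pw)) or 'ok'}")
    print(f"{weak_count(SAMPLE_PASSWORDS)} of {len(SAMPLE_PASSWORDS)} break a rule")
```

Run as a script it prints the top five passwords and a verdict per entry; the same checks can be run over a local password list at sign-up time so that a breached dump never contains '123456' in the first place.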

Of course, you could pick the best password in the world, but if websites continue to store user credentials in plain-text files, a breach will expose every password regardless of how strong it is.

Photo credit: Dave Bleasdale via Flickr.