The most common minecraft passwords. WiFi hack. Wi-Fi passwords. Free Internet. How Not to Do

The VK social network has an excellent security system that prevents users from guessing passwords for their pages, even if attackers learn logins from other people's accounts. In most cases, when an account is "hijacked", the user is to blame, and one of the reasons for this is the simplest password.

What does simple password mean? This is a lightweight password that usually consists of just a few numbers or letters. Here are examples of the simplest passwords:

• zxcvbn

• iphone

• 88888888

• password

• andrei

These are just a few examples, but you get the gist and that's the main thing. The more complex and, therefore, more secure the password, the lower the likelihood that the account will be opened by intruders.

How to come up with a complex password for VKontakte?

There are several different ways to come up with a password. We will consider one of the popular and at the same time existing schemes.

So, first, let's determine the number of characters in the password. As a rule, experts advise using at least 8 characters, but this is the very, very minimum (by the way, many users use a 6-digit password at best). And although 8 characters is the minimum recommended password length, the actual number of characters in it should be at least 10-12. Tell me, is that a lot? But the security of the account is hundreds and even thousands of times higher.

Now let's start creating a password. Remember, it should contain both numbers and letters of different case and even special characters.

The easiest option is to take some Russian word and write it in the Latin layout. For example, the word smartphone in English it looks like this: cvfhnajy. This word has 8 characters. Few? Wait, we're not done yet.

So the word cvfhnajy. We add a number to it, for example, some memorable one. Let it be the number 201. We get the word cvfhnajy201. Just in case, we write the password with a capital letter to complicate the task for attackers and get Cvfhnajy201. Enough? No, you need to add special characters, for example, * . Now our password looks like this − Cvfhnajy201*, as many as 12 characters, while the password itself is complex, and easy to remember. Of course, it is given as an example and we strongly do not recommend using it - come up with your own, good, it's easy.

By the way, just in case, you can write down the password somewhere in a notebook or notebook, and remove the latter as far as possible from human eyes.

Every 10th password is guessed in a couple of minutes

A popular site with 140,000 registered users conducted a study on the most common passwords. It turned out that the top 10 passwords are guarded by as many as 11,734 accounts (8.4% of the total), and another 5,590 people (4%) have the same password as their login.

Russian twenty

A popular site with 140,000 registered users conducted a study on the most common passwords. It turned out that the first 10 most popular passwords are guarded by as many as 11,734 accounts (8.4%), and another 5,590 people (4%) have the same password as their login.

And with such a large number of users studied, according to the laws of sociology, the sample is quite representative, which means that exactly the same situation with passwords is repeated on all other projects in Runet.

So, the 20 most popular passwords in Russian Internet services (find yours and change it immediately!):

12345;
123456;
11111;
55555;
77777;
qwerty;
111111;
00000;
666666;
123456789;
54321;
123321;
1234567;
123123;
gfhjkm;
7777777;
qwert;
22222;
555555;
123.

Top 20 MySpace.com Passwords

The set of fantasy users of the global Internet has not gone far from ours, the list of the most common passwords for one of the most popular social networks in the world - Myspace.com has become public:

password1;
abc123;
myspace1;
password;
blink182;
qwerty1;
fuckyou;
123abc;
baseball1;
football1;
123456;
football;
monkey1;
liverpool1;
princess1;
Jordan23;
slipknot1;
superman1;
iloveyou1;
monkey.

How to create a secure password

Use mixed case characters, both uppercase and lowercase, as well as numbers. This will force the hacker to spend more time and go through as many options as possible when trying to hack.

Change especially important passwords once a month. Also, in no case do not write down the password, but remember it.

Do not use a password that is automatically suggested by some sites - come up with your own.

In some popular online games, it is strictly not recommended to use a mailbox on mail.ru, yandex.ru and other free services - "sooner or later you will lose your character." Therefore, at a minimum, use the password only once, and not on several Internet sites.

The recently ended 2016 was not an important year in terms of information security. Many vulnerabilities were discovered in the software, many IoT devices were affected by various viruses, from which a botnet was formed, capable of performing record-breaking DDoS attacks that could disable some Internet services.

But even more frustrating is the way people choose their passwords. The resource keepersecurity.com published the most popular passwords of 2017. These are the passwords that users used to protect their data in 2016.

There have been several major user data breaches over the past year, with Yahoo recently announcing the data breach of almost 1 billion accounts. The researchers analyzed more than 10 million publicly available passwords and the result is this list.

The password is used to protect your devices and personal data online from unauthorized access. Our security on the internet is just as important as it is in the real world. But some people don't seem to get it. Otherwise, why is the password 123456 in the first place? Almost 17% of users have protected their account with this password. And here is the top 25 most popular passwords:

1. 123456;
2. 123456789;
3. qwerty;
4. 12345678;
5. 111111;
6. 1234567890;
7. 1234567;
8. password;
9. 123123;
10. 987654321;
11. qwertyuiop;
12. mynoob;
13. 123321;
14. 666666;
15. 18atcskd2w;
16. 7777777;
17. 1q2w3e4r;
18. 654321;
19. 555555;
20. 3rjs1la7qe;
21. google
22. 1q2w3e4r5t;
23. 123qwe;
24. zxcvbnm;
25. 1q2w3e;

Top most popular passwords in the original:

This list includes 25 passwords, which make up 50% of the total 10 million passwords. Most of them are very predictable, even if they are long. But most of the passwords in the list consist only of numbers and are very short. The safer ones seem to be 1q2w3e4r and zxcvbnm, but once you try typing them on the keyboard, you'll see what's going on.

The question arises why 18atcskd2w and 3rjs1la7qe are on the list of the most common passwords. They are quite complex and it is not easy to sort them out. But there is one theory, most likely, these are passwords that are used by many bots for mailing, spam, it is generated once and is used everywhere.

In no case do not use passwords from this list, and if you use them now, then change them so as not to put your personal data at risk. Here are some rules for choosing the right password:

• Use different characters, letters, numbers, mixed case characters, special characters, etc. to protect your password from a brute-force attack;
• Avoid using terms, words, or phrases. Enumeration programs first try the most common options, and then switch to regular dictionaries;
• Use - many users set easy passwords because it is difficult for them to remember complex combinations. Password managers will store your passwords in a safe place and only give them to you when you need them;
• Never, ever leave the default passwords for your devices. It does not matter that these are standard passwords for wifi or other IoT devices. This is equivalent to the fact that there is no password at all and anyone can access it.

findings

In this short note, we looked at the most popular passwords users use to protect their accounts and systems. Be vigilant and do not make such mistakes. This is very important, first of all, for you.

The analysts' conclusions turned out to be disappointing: a remote dictionary attack allows 37% of accounts to be compromised, as the majority of users continue to choose the simplest combinations of letters and numbers to protect their computers and systems installed on them.

Thus, it is estimated that the most common passwords for Russian users are passwords consisting only of numbers: they account for approximately 53%. 88% of the passwords used are passwords containing either numbers or lowercase English characters, or both.

At the same time, the passwords used by Russian users in most cases do not exceed 8 characters, and only a few use passwords longer than 12 characters. At the same time, passwords up to 8 characters are highly likely to be compromised in real conditions, experts say.

The Russian list of the most common passwords for 50% consists of characters located next to each other (1234567, qwerty) - these combinations are included in the TOP-10 common passwords.

Paradoxical conclusions were made when analyzing the passwords of administrators of information systems. Despite using longer passwords, 15% of administrators choose "dictionary" passwords or passwords that match the username (10%), and in 2% of cases there is no password at all.

Another group that distinguished itself in the course of the study were women. Their passwords have been found to be somewhat more vulnerable to an attacker due to the more frequent use of dictionary passwords. A remote attacker, on average, takes less time to pick them up.

The report also addresses the problem of using "weak" passwords in the context of compliance with the PCI DSS (Payment Card Industry Data Security Standard). According to the study, 74% of passwords used in the corporate sector do not comply with the PCI DSS standard.

All of the above factors - the length of the password, the character set used, the complete or partial match of the password with the username (login), the presence of the password in publicly distributed dictionaries - are of fundamental importance for its security and resistance to hacking. It is estimated that the imposition of elementary restrictions, such as control of the minimum length and password complexity, reduces the likelihood of a system being compromised by more than 10 times, Dmitry Evteev, Positive Technologies information security expert, concluded.

“The data obtained by Positive Technologies also confirms the observations of LK analysts,” comments Vitaly Kamlyuk, a leading anti-virus expert at Kaspersky Lab. - I would like to add that in addition to the risk of using simple or "predictable" passwords, there is another threat - users often use the same password for different resources. Indeed, today the average user, in order to be safe, must keep in mind dozens of passwords for various online services. However, wanting to simplify their lives, many users often begin to use the same passwords to access everything - to mail, social networks, etc. And this sometimes leads to the fact that the password for accessing some dubious resource turns out to be the same as and, for example, a code to an electronic wallet.

According to Anton Kryachkov, director of Aladdin products, Positive Technologies' research "uses an extensive set of sources and is based on 'live' data, which is especially valuable." However, according to him, ensuring the protection of corporate information based on "a primitive login-password pair is similar to building a brick house on a plasticine foundation." “Ensuring a secure authentication procedure within a company's information system is the primary platform for additional security measures such as secure access to databases, portals, physical access control and application access control,” Kryachkov said.

And now the Top 10:

1. 1234567
2. 12345678
3. 123456
4. Empty string
5. 12345
6. 7654321
7.qweasd
8. 123
9.Qwerty
10. 123456789

The other day, the news spread all over the Internet that someone stole the passwords and logins of Vkontakte users, and then carefully posted them with a Word file for everyone to see. I wonder how webplanet.ru analyzed this information. Read and change your passwords :)

From the article:
... The number of weak passwords can be considered the main sign of mental fading. 1344 people (or 3.36 percent of 40,000 unique users) protect their personal data not only with simple, but also common passwords (we included those that occur more than 10 times as common).

Here are twenty of the most popular ones:
Password Number Percent
123456 134 0,34%
123456789 85 0,21%
qwerty 85 0.21%
111111 51 0,13%
1234567890 41 0,10%
7777777 39 0,10%
123321 34 0,09%
666666 33 0,08%
1234567 31 0,08%
123123 29 0,07%
12345678 26 0,07%
qwertyuiop 26 0.07%
qazwsxedc 25 0.06%
000000 23 0,06%
love 23 0.06%
555555 22 0,06%
zxcvbnm 22 0.06%
654321 19 0,05%
gfhjkm 19 0.05%
1q2w3e4r 18 0.05%

Note 1: If suddenly someone did not guess, "gfhjkm" is the word "password" typed in the Latin keyboard layout. Many consider this technique very tricky.

Note 2: The vigilant administration of the resource has for some time prohibited changing passwords to purely digital ones, however, creating new accounts with such passwords is still allowed.

A few words about the main disease of Internet addicts - copy-pasting. Recall that in the social network we are considering, email addresses are used as logins. So, for 343 users (0.86%), the password is identical to the login on the mail service (i.e., parts of the postal address before the "dog"), and for another 67 people (0.17%), the password completely matches the login (i.e. e. to the entire address, including "dog" and what follows).

Who was that smart man who said that holy simplicity is worse than theft?

Where is his button?

I would like to say a special word about one of the popular passwords that were not included in the TOP-20.

On the settings page, in the section for changing the user password, the administration posted the following simple instructions:

Make sure the CAPS-Lock button is not enabled
Password must be at least 6 characters long
Better yet, use both letters and numbers.
"kNOpKA" and "knopka" are different passwords

As expected, 16 people out of 40 thousand (0.04%) chose the word given in the last line as their password. Of these, 12 used the "knopka" variant, 2 - "button" and 1 - "KNOPKA". Another advanced girl got herself a password "ryjgrf", that is, a "button" in the Latin layout.

It would seem that 0.04% is an insignificant figure. However, on the scale of the entire service, this is no longer 16, but 15,600 accounts. And this key was carefully put into the hands of the attackers by the administration itself!

Call me!

More than seven thousand passwords in the database under consideration are completely digital sequences (considered non-secure), of which no less than a thousand (that is, more than 2.5%) resemble phone numbers to one degree or another. It's worth noting that we've only looked at seven-digit and ten-digit numbers, so this figure could be a huge underestimate. Add to them 237 11-digit passwords starting with "80" (healthy boules, great Ukrainian friends!) And a dozen more telephone passwords starting with "+". Considering that VKontakteers are very willing to publish phone numbers on their personal pages, and it’s not so difficult to buy telephone databases, it’s impossible to consider such passwords reliable.

Not bad? But we haven't said a word about love yet.

Love will open all the bolts

"Love" in one form or another is present in 332 passwords (0.83%). This also includes the words "love", "beloved", "beloved" and their combinations with a proper name. If the figure of 0.83% does not impress you, add here an uncountable number of passwords with names (in particular, nicknames, surnames and initials) of your beloved girl, beloved young man, and also beloved yourself.

Among the passwords with names, there are such crypto-resistant ones as "loveserezhu", "SurnameName" and even "pusenka" (with an email address starting with "pusya"). Recall that the name of a loved one, not to mention the name of the person himself, can be easily taken from personal data directly on the site.

Sorry, birthday...

Another type of insecure passwords widely used are dates. Indeed, it's much harder to forget a password if it matches someone's date of birth. We counted at least 1,200 passwords in our database (3 percent of the total) in formats like HHMMYYY and YYYYMMHH.

Information about the date of birth of the user or his immediate environment is often open for review. Moreover, the service warns the user's friends a few days in advance about the (coming hack) approaching the holiday. If the date of birth is still hidden, you can try to find it in the same telephone databases.

In fairness, we note that with the date or year of birth, it is quite possible to create quite strong passwords. It is enough to add a few letters before, after or between the numbers. According to our estimates, about 0.5 percent of users do this, although some of them spoil the whole thing by adding their name instead of random letters.

Counted - wept

Total we have:
Common passwords 1344 3.36%
Estimated phone numbers ~1300 ~3.25%
"Love" (excluding included in paragraph 1) 309 0.77%
Email address match
(up to "dog" or completely) 410 1.02%
Dates of birth (XX century only) ~1200 ~3%

Thus, in total, we have up to 11.4 percent of passwords that anyone can crack, provided that he knows the user's email address, has access to his personal data and is ready to spend five minutes of his precious time.

Add to this passwords that match proper names (which we were too lazy to count, but we are talking about ten percent, no less) and digital passwords that are quickly cracked by elementary brute force (their share, minus phone numbers and dates, is somewhere around 11 percent) - and you get a depressing picture.

The situation is aggravated by the fact that the rules of the service require the user to lay out all the ins and outs about himself. The presence of such a mass of personal information in the public domain is just a holiday for a potential hacker.

Disclaimer

Of course, in the process of counting, we made a number of assumptions. And the database under study cannot be called absolutely reliable. For example, some users clearly could not remember their passwords and simply tried to guess them. And a few quick-witted users, we must give them their due, even took advantage of the login-password form to send phishers on an erotic journey on foot.

The sample itself, despite its very decent size, cannot be considered completely representative either, since we are talking only about users who, firstly, managed to catch the infection, and secondly, guessed to give their passwords into the wrong hands - that is, about people , obviously naive in matters of security.

However, after reviewing other similar studies conducted in various parts of the world (if you like - Google to help you), we venture to suggest that in our conclusions we rather downplayed the tragedy than exaggerated it.