LINKEDIN PASSWORDS LIFTED

WHAT HAPPENED?

6.46 MILLION STOLEN LINKEDIN PASSWORDS
JUNE 6TH 2012
POSTED ON A RUSSIAN HACKER FORUM
3.7 MILLION HASHES ALREADY CRACKED

LESSONS LEARNED

BAD PASSWORDS MAKE BAD PASSPHRASES

We are seeing a trend of Internet users trying to use simplistic passphrases on Internet sites. They fail because many of the words they use have long been considered bad passwords. Password cracking algorithms include these bad passwords as part of their recipe.

TOP 30 PASSWORD PATTERNS FOUND IN ANALYSIS OF 165,000 CRACKED

COUNT  PATTERN      COUNT  PATTERN      COUNT  PATTERN
941    link         95     jesus        46     dragon
435    1234         91     connect      45     soccer
294    work         85     f**k         32     killer
214    god          78     monkey       32     654321
205    job          76     123456       31     pepper
179    12345        72     master       30     devil
176    angel        65     b**ch        29     princess
143    the          60     d**k^        28     1234567
133    ilove        52     michael      26     iloveyou
119    sex          48     jordan       26     career

^WORDS AMENDED FOR PUBLICATION. FEEL FREE TO USE YOUR IMAGINATION

COMMON MISTAKES WHILE SETTING PASSWORDS

WATCH THE LANGUAGE

Passphrases that contain foul language are a double whammy: not only are they weak, they can also embarrass the owner of the password when they are disclosed. You don't want to be the person who is cursing about your boss as part of your passphrase. These types of passphrases can have you using LinkedIn to look for another job! Curse words are also near the top of any brute force dictionary.

BAD RELATIONSHIP

Many users created passwords related to the site, which is a bad move. In the case of the LinkedIn data, "link", "work", "job", "connect", and "career" were all in the top 20 patterns used according to our analysis. Also, if you use a seven-character related word for a password or passphrase when the average password is eight characters, you are setting yourself up for disaster.

LOSING RELIGION

When it comes to passphrases, losing religion is a good thing. For example, "god", "angel" and "jesus" appeared among the top 15 words used in the passwords analyzed. We have seen in the past that religiously affiliated sites fall into this trap when it comes to password selection. It will also remain an issue in the passphrase era.

COUNT DRACULA

Numbers trailing passphrases will be an issue just as with passwords. Many Internet users seem to share the numbers obsession of the Count from Sesame Street, with "1234", "12345", "123456", "654321", and "1234567" all appearing in the top 30 patterns.

SIZE MATTERS

Passphrases should contain at least four words that are somewhat random but easy to remember. Most attempts at passphrases look more like traditional passwords; for instance, "ilove" is a passphrase starter. If the passphrase is too short, such as "ilovejen", an attacker is essentially cracking a three-letter password.

WHEN LOVE IS BAD

"I love [fill in the blank]" is totally appropriate when dealing with family and loved ones. However, this phrase or anything related to it would be on a short list of banned passphrases in my opinion. Passphrases containing "ilove" and "iloveyou" make my list.

THE END

BROUGHT TO YOU BY: RAPID7

KEEP SAFE! VISIT THE FOLLOWING LINK TO GET PASSWORD TIPS TO AVOID DATA BREACH CATASTROPHES
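
An added example, not part of the Rapid7 infographic: a signup-time passphrase check in Python that applies the lessons above. It strips the unmasked patterns from the table and any trailing digits, then reports what is left, which is all an attacker with a dictionary still has to guess. The function names and the MIN_RESIDUAL threshold are assumptions.

```python
import re

# Patterns from the page's top-30 table. The three profanity entries are
# left out because the page prints them masked.
COMMON_PATTERNS = [
    "link", "1234", "work", "god", "job", "12345", "angel", "the", "ilove",
    "sex", "jesus", "connect", "monkey", "123456", "master", "michael",
    "jordan", "dragon", "soccer", "killer", "654321", "pepper", "devil",
    "princess", "1234567", "iloveyou", "career",
]
# Longest first, so "iloveyou" wins over "ilove" and "1234567" over "1234".
_PATTERN_RE = re.compile(
    "|".join(sorted(map(re.escape, COMMON_PATTERNS), key=len, reverse=True))
)

MIN_WORDS = 4       # from the page: "at least four words"
MIN_RESIDUAL = 12   # assumption: characters that must survive stripping


def _normalise(passphrase):
    """Lower-case and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", passphrase.lower())


def residual(passphrase):
    """Return what remains after trailing digits and known patterns are removed."""
    stripped = re.sub(r"\d+$", "", _normalise(passphrase))
    return _PATTERN_RE.sub("", stripped)


def review(passphrase):
    """Return a list of findings; an empty list means no rule fired."""
    norm = _normalise(passphrase)
    findings = []
    hits = sorted(set(_PATTERN_RE.findall(norm)))
    if hits:
        findings.append("common pattern: " + ", ".join(hits))
    if re.search(r"\d+$", norm):
        findings.append("trailing digits")
    # Assumption: words are runs of letters separated by anything else.
    if len(re.findall(r"[A-Za-z]+", passphrase)) < MIN_WORDS:
        findings.append("fewer than %d words" % MIN_WORDS)
    left = residual(passphrase)
    if len(left) < MIN_RESIDUAL:
        findings.append("only %d characters left after stripping" % len(left))
    return findings
```
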

