Sunday, October 25, 2009

Is Your Password 123456?

Earlier this month, Microsoft announced that more than 10,000 Hotmail email accounts had been compromised, and their passwords posted to underground hacking websites. An analysis of the posted account information revealed that the majority of the affected accounts used weak passwords which could be easily guessed. The most popular password was 123456 (with 123456789 a close second).

As we reported in the spring, weak passwords are commonplace in cyberspace. A 2007 list of the most frequently used online passwords included 123456 as well as perennial favorites password, qwerty, and abc123. But the Hotmail story underscores the dangers of ignoring online security. As a result, many websites are getting tough on wimpy passwords, and requiring users to create strong passwords (a combination of letters, numbers, and symbols) which are harder for hackers to guess.

One such site is Westlaw, which will begin encouraging the creation of OnePass usernames and passwords in November 2009. By January 2010, all Westlaw users will be required to access the system with a OnePass username and password. The alphanumeric code will serve as a registration code only; it will no longer be available as an alternative login method. Watch for messages about the upcoming change.

Need help thinking up stronger passwords for Westlaw (or anywhere else)? Review the Duke Office of Information Technology’s Password Security FAQ. OIT has compiled helpful advice for choosing a good password and avoiding weak ones. (To OIT’s tips, the Goodson Blogson would like to add that savvy Internet users should perhaps avoid posting a sticky note filled with those super-strong passwords on the side of their monitors.)