January 26th, 2010
Worst password practices; get better!
Welly-well. This is what we IT guys try to warn you about:
In December 2009, a major vulnerability was discovered in Rockyou.com. It came to light by examining a hacker’s blog, and it led to the breach of 32 million passwords; the hacker then posted the full list of the 32 million passwords to the Internet (with no other identifiable information).
So, what have we learned since the birth of “oh, I should keep my password complex enough so that people can’t hack my account”? Probably nothing, looking at the top 20 passwords from the list:

Furthermore:
The Imperva Application Defense Center (ADC) analyzed the strength of the passwords.
They came up with the following report which is, quite frankly, mind-boggling. You don’t lend your password to a stranger, do you? Yet you probably use the same password over and over on every site you’ve ever visited. And it’s your dog’s name.
And if one of those sites is hacked, don’t be so sure that you’ll hear about it in the news and get to change your password quickly; some sites are hacked, and a plethora of passwords, credit card numbers and really life-threatening information seeps out without anybody knowing about it. Until you try to buy a sandwich and find out your bank account is emptied. Or that your e-mail correspondence is suddenly accessible to the world.
To improve your passwords, you can also use LastPass, which may help keep your passwords from being stolen or hacked. But the main thing is: use common sense and read up on the recommendations in this report; hover your mouse pointer over the report to open it in full-screen size.
