How Hacker-Proof Are Your Banking Passwords?
Easy-to-guess passwords still dominate.
That's the conclusion from two recent studies that looked at passwords in general and banking passwords in particular.
At the end of last year, a hacker was able to gain access to 32 million passwords held by software company RockYou. The list was briefly posted on the web and security researchers were able to take a detailed look at the most popular choices.
According to Imperva, a company that makes blocking software, the most popular password -- used by almost 1% of the entire sample -- was "123456." The second most popular? "12345." Others in the top 20 included "654321," "abc123," "iloveyou," and "password."
Perhaps more disturbing was the fact that about 20% of the sample picked from the same, relatively small pool of 5,000 passwords. This means that hackers could use automated programs to break into millions of accounts in a very short period of time, leaving security officers no time to react.
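That concentration is also why screening new passwords against a list of popular choices pays off for a site operator. The Python sketch below is an added example, not part of the original article: the sample accounts are constructed (not RockYou data), and the function names and normalization rules are assumptions chosen for illustration.

```python
from collections import Counter

# Popular choices named in the article, used here as a small blocklist.
COMMON = ["123456", "12345", "654321", "abc123", "iloveyou", "password"]

# Constructed sample: one password per account for 20 hypothetical accounts.
SAMPLE = (["123456"] * 4 + ["12345"] * 3 + ["password"] * 2 + ["iloveyou"] * 2
          + ["abc123", "654321"] + [f"unique-choice-{i}" for i in range(7)])

# Assumed substitution table: undo common character swaps before comparing.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o",
                      "1": "i", "$": "s", "5": "s", "!": "i"})


def top_n_coverage(passwords, n):
    """Fraction of accounts whose password is among the n most common choices."""
    counts = Counter(passwords)
    covered = sum(count for _, count in counts.most_common(n))
    return covered / len(passwords)


def normalize(password):
    """Reduce trivial variants ("P@ssw0rd1", "Password!") to one comparable form."""
    folded = password.lower()
    stem = folded.rstrip("0123456789!?.")   # drop a trailing year, digit or "!"
    if len(stem) < 3:                       # all-digit choices such as "123456"
        stem = folded                       # are compared whole
    return stem.translate(LEET)


BLOCKED = {normalize(p) for p in COMMON}


def is_blocked(candidate):
    """True if the candidate is a popular password or a trivial variant of one."""
    return normalize(candidate) in BLOCKED


if __name__ == "__main__":
    for n in (2, 4):
        print(f"top {n} choices cover {top_n_coverage(SAMPLE, n):.0%} of accounts")
    for candidate in ("P@ssw0rd1", "Iloveyou!", "123456", "T7#qv9!LmzR2"):
        verdict = "reject" if is_blocked(candidate) else "accept"
        print(f"{candidate!r}: {verdict}")
```

Run against a real credential store, the same coverage figure would be computed over counts of identical password hashes, since a well-run site does not hold the plaintext.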
Although the security breach at RockYou was far from trivial -- they make software for Facebook and MySpace (NWS) among others -- it would have been much worse if a financial institution such as Citi (C) or Chase (JPM) were involved.
Here, you'd expect individuals to take far more care over their choice of password. Not so, say the results of another study, this time by security firm Trusteer. They found that 73% of individuals used their online banking passwords across multiple sites, making it easy for criminals to hack into less secure sites and then go after the banks.
This backs up an earlier survey from analyst firm Gartner (IT), which found that two-thirds of consumers use the same one or two passwords across all websites they visit.
Avivah Litan, who directed the Gartner study, suggests that the sheer number of websites requiring passwords is taking its toll. "[Consumers] are making a choice of convenience over security," she said. "They are using a cost-benefit equation ... they don't want to try and remember 10 different passwords for everything they do."
Although banks have added other layers of security, like tagging computer equipment and monitoring user characteristics, they're not the only ones storing sensitive information these days. Even a hacked Facebook account can cause huge problems for the victim.
Security experts recognize the problems with choosing unique passwords for dozens of websites, ATMs, cell phones, and other gadgets but they still stress the importance of variety.
Amit Klein, chief technology officer of Trusteer, recommends maintaining at least three "families" of passwords: one for critical financial sites, a second for sites that store personal information, and a third for generic log-ins.
Most Popular Passwords from RockYou Data
© Monica Vila, The Online Mom.
Copyright 2011 Minyanville Media, Inc. All Rights Reserved.