LulzSec E-mail Hack Proves We’re Lousy at Picking Passwords

Whether you think LulzSec is doing us a favor for exposing our security weaknesses or think the hacker group has gone too far, a very old lesson can be learned here: we need to create stronger passwords. New analysis of the 62,000 logins LulzSec made publicly available reveals, yet again, our seriously weak password habits.

This certainly isn’t the first time we’ve seen how poor some of our passwords are. Last January, one study revealed the most typical passwords used by the 32 million accounts hacked on RockYou.com were “123456” and “password”. In December, analysis of 188,279 passwords stolen from Gawker showed those two passwords again as the most commonly used.

The top passwords from the LulzSec dump, according to an analysis by programmer Aviv Ben-Yosef? You guessed it: “123456”, followed by “123456789” and in third place, “password”.

Other top passwords from the LulzSec sample contained common words like “romance” and mystery,” perhaps revealing also some users’ desire for thing whole login thing to be less mundane. Other users went the simple route: about 20 percent of the passwords were all numbers.

Despite password best practices-using a mix of uppercase letters, numbers, and special characters-only 2 percent of the LulzSec passwords contained capital letters and a mere 0.85 percent contained special characters.

Ludicrous, right? If you’re reading this, you probably don’t need to be reminded of how imperative it is to create strong passwords and not use the same login everywhere. You probably do, however, know someone (or many people) who could benefit from you forwarding them some good old password advice, like using password managers to build better passwords (without going crazy) and how adding “789” at the end of “123456” does not make a password more secure.

Follow Melanie Pinola (@melaniepinola) and Today@PCWorld on Twitter.