There is a list of the top 10,000 passwords in use today, sorted by frequency. Can you guess what the most popular ones are?
Well, "password" is the top choice, followed by "12345" or a variation thereof. (Followed by many common names, and quite a few profanities and sexual references.)
The top 10,000 passwords are used by 98% of users. Meaning that hackers don't need to hack per se, they just need to try the most common ones on the list.
The future of strong password security
This morning, I was at a Deloitte presentation on near-term technology trends, and learned that the so-called "strong password" authentication system is dead, and will be replaced by password plus something.
The plus might be something like a biometric, e.g. a fingerprint or iris scan. Or I might swipe a device. Or enter a special code obtained from my smart phone.
I can tell right now that this is going to be a real joy. My password safe is already the program I use most often each day, and not just to get a password. Half the time I am there to figure out what my user ID is.
It surprises me how often I have to do this, actually -- cloud services are that pervasive, such as subscription-only content sites or other services that require a log-in. So we can expect to have more passwords in the future, not fewer.
Technology is one thing, adoption is quite another
The technology piece of this is all well and good, but it's the human change management piece that interests me. I see people and their willingness to change as a major barrier to adoption of stronger password tech. If --- despite the non-stop advice to have a strong password --- most people think a profanity or their pet's name is solid, then we are light years away from widespread adoption of iris scans. Aren't we?
One way to use this information
Download the list, and search for your most common passwords. When you don't find them, pat yourself on the back for how clever you are. And I'm sure readers of this blog are clever people. Am I right or what?
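If you would rather not eyeball 10,000 lines, here is a small script for that search, added as an illustration and not part of the original post. It reports where on the frequency-sorted list a password falls and also catches the "variation thereof" cases (different capitalisation, digits or punctuation tacked on the end); the five-entry sample list and the function names are constructed for the example, so point it at the downloaded file instead.

```python
import getpass

# Constructed stand-in for the downloaded list: one password per line,
# most common first. Replace with the lines of the real file.
SAMPLE_LIST = "password\n12345\nqwerty\ndragon\nletmein\n"

def load_ranks(lines):
    """Map each listed password (lower-cased) to its 1-based rank among
    unique entries; the list is sorted by frequency, so lower is worse."""
    ranks = {}
    for line in lines:
        word = line.strip().lower()
        if word and word not in ranks:
            ranks[word] = len(ranks) + 1
    return ranks

def variants(candidate):
    """Yield the case-folded candidate, then the same string with any
    trailing digits or common punctuation removed (e.g. 'Dragon2024!')."""
    folded = candidate.strip().lower()
    yield folded
    stripped = folded.rstrip("0123456789!@#$%.*")
    if stripped and stripped != folded:
        yield stripped

def check(candidate, ranks):
    """Return (rank, matched_entry) for the most common match, else None."""
    hits = [(ranks[v], v) for v in variants(candidate) if v in ranks]
    return min(hits) if hits else None

if __name__ == "__main__":
    ranks = load_ranks(SAMPLE_LIST.splitlines())
    # getpass keeps the password off the screen and out of shell history.
    result = check(getpass.getpass("Password to check: "), ranks)
    if result is None:
        print("Not on the list.")
    else:
        print(f"Matches entry #{result[0]} on the list.")
```

A miss only means the password is not one of the listed favourites or a trivial variation of one; it says nothing about how strong the password is otherwise.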