Tuesday, February 10, 2009

Forum Compromise gives insight into password security

A large programming forum (PHPBB) was recently hacked, and the attacker posted 20,000 account passwords online in plain text. Like last year's Myspace account hack, this dump was an excellent mining tool for security researchers to analyze common passwords and average password strength.

Here are the most commonly used passwords; notice that #2 matched the forum name of PHPBB. Other interesting weak passwords of note are the permutations of 123456 and the always popular "letmein" and "qwerty". This list is also probably a great source for a brute force dictionary on pen-testing.

3.03% "123456"
2.13% "password"
1.45% "phpbb"
0.91% "qwerty"
0.82% "12345"
0.59% "12345678"
0.58% "letmein"
0.53% "1234"
0.50% "test"
0.43% "123"
0.36% "trustno1"
0.33% "dragon"
0.31% "abc123"
0.31% "123456789"
0.31% "111111"
0.30% "hello"
0.30% "monkey"
0.28% "master"
0.22% "killer"
0.22% "123123"
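The frequency analysis described above, and the defensive use of such a list as a deny-list at registration time, as an added example that is not part of the original post. The sample dump is constructed here; the deny-list entries are the twenty passwords listed above, and the digit-pattern checks cover the "permutations of 123456" the post points out.

```python
from collections import Counter

# The twenty most common passwords from the phpBB dump, as listed on the page.
# Used here defensively: as a deny-list for a registration / password-change check.
PHPBB_TOP20 = [
    "123456", "password", "phpbb", "qwerty", "12345", "12345678", "letmein",
    "1234", "test", "123", "trustno1", "dragon", "abc123", "123456789",
    "111111", "hello", "monkey", "master", "killer", "123123",
]

# Constructed sample of a leaked password list (not real data).
SAMPLE_DUMP = ["123456"] * 3 + ["password"] * 2 + [
    "phpbb", "letmein", "Tr0ub4dor&3", "correct horse", "dragon",
]


def frequency_table(passwords):
    """Return [(password, percent)] in descending order, the shape of the table above."""
    total = len(passwords)
    return [(p, round(100.0 * c / total, 2)) for p, c in Counter(passwords).most_common()]


def share_covered_by(passwords, deny_list=PHPBB_TOP20):
    """Percentage of accounts in the dump whose password is on the deny-list."""
    hits = sum(1 for p in passwords if p.lower() in deny_list)
    return round(100.0 * hits / len(passwords), 2)


def is_weak(candidate, site_name="phpbb"):
    """True if the candidate is deny-listed, is the site name, or is a trivial digit run."""
    pw = candidate.lower()
    if not pw or pw in PHPBB_TOP20 or pw == site_name.lower():
        return True
    if pw.isdigit():
        # ascending or descending keyboard runs: 1234, 12345678, 87654321, ...
        if pw in "0123456789" or pw in "9876543210":
            return True
        # repeated blocks such as 111111 or 123123
        for n in range(1, len(pw) // 2 + 1):
            if len(pw) % n == 0 and pw == pw[:n] * (len(pw) // n):
                return True
    return False


if __name__ == "__main__":
    for pw, pct in frequency_table(SAMPLE_DUMP):
        print(f"{pct:5.2f}% \"{pw}\"")
    print(f"covered by top-20 list: {share_covered_by(SAMPLE_DUMP)}%")
```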
