Over the past few years, many major websites have been hacked, exposing usernames, passwords, emails, and other private information. One example that received a lot of news coverage in 2015 was the data breach at Ashley Madison, a website that advertises itself as facilitating affairs (although some have concluded most of the supposed female users of the website are actually just bots).
There is an interesting article in Law Practice Today this month by attorney Sharon Nelson and her husband John Simek, both of whom are legal security experts and who run Sensei Enterprises, a digital forensics company. Their article is about the "deep web" and the "dark web," parts of the Internet that you cannot access from a search engine like Google, and it is an interesting read on that topic. But today I want to focus on just one part of that article, the part in which they explain how they downloaded from the dark web (for research purposes) a copy of the breached data from Ashley Madison. One of the things that they saw in the data was all of the passwords people used on Ashley Madison.
Now remember that this is a website that people used to be unfaithful to their spouse, so you would presume that most users would select passwords that are even more secure than normal to try to avoid prying eyes — not only hackers, but also spouses. And yet the top ten passwords used on Ashley Madison, as revealed by Nelson and Simek, are ridiculous:
- 123456
- 12345
- password
- DEFAULT
- 123456789
- qwerty
- 12345678
- abc123
- [redacted to keep iPhone J.D. family friendly]
- 1234567
According to a similar report from last year by reporter Keith Collins for Quartz (which lists the top 100 passwords used on Ashley Madison), that top password — 123456 — was used by over 120,000 users. And over 200,000 users used a string of numbers beginning with 1 and ending at 5, 6, 7, 8 or 9.
So this is another opportunity for me to urge you to use complex and unique passwords on each of the websites that you visit. And the easiest way to do that is to use a password manager, for all of the reasons that I discussed when I wrote about password security in June of 2015. I use 1Password, which works very well on the iPhone, iPad, PC and Mac, and which even has a useful Apple Watch app which works great for storing a few commonly-used passwords like a locker combination. In fact, just yesterday, 1Password introduced a new family plan so that your whole family can use, and when appropriate share, secure passwords. But whether you use 1Password or another product, I strongly encourage you to use something.
Click here to get 1Password for iOS (free, but $9.99 to unlock all features):