Collection #1 Password Analysis
by Eric Smith, FireOak Strategies Chief Technologist & Information Security Officer
February 15, 2019
In January 2019, a massive database of email addresses and passwords was released on the internet. The collection included over 773 million unique email addresses and 21 million unique passwords, credentials that were assembled from many data breaches.
The FireOak information security team has analyzed the collection. Two of our key takeaways:
1. Weak, common, and easily-guessable passwords are still heavily in use.
2. Password re-use continues to be rampant.
The image above shows the most often used passwords -- all of which are weak, common, and easily-guessable.
Collectively, these 23 passwords appeared in the collection over 65 million times.
These two practices -- using weak, common, and easily-guessable passwords and re-using passwords across multiple sites -- put your personal information and data at risk. And since passwords are re-used between work and personal accounts, you’re also putting your organization’s data and information at risk.
Improve your password hygiene. A few quick tips:
- Use a password manager to help you store and manage your unique passwords.
- Never re-use passwords.
- Length matters: use long, complex combinations of words and phrases.
- Use multi-factor authentication on every site that supports it.