TORONTO – Creating a strong password is important when it comes to protecting your data online – but it’s especially important if you are creating an account on a site supposedly geared toward discreet extramarital affairs.
It appears that a significant number of Ashley Madison users missed that memo.
According to a list of commonly used Ashley Madison passwords – complied by security software firm Avast from data leaked from the affair facilitating website – many people were using incredibly simple, easy-to-guess passwords on their account.
However, it’s important to note Avast didn’t crack all of the passwords included in the Ashley Madison leak – after all, the leak contained nearly 36 million username and password combinations.
“There is no known way to crack all of these passwords before the heat death of the universe, especially assuming that some are truly random, but we can crack the worst ones,” read the report.
Instead, the team took the first million encrypted passwords and ran them thought the “500 worst passwords” list compiled from other data hacks. Of the over 25,000 passwords they were able to crack, there were only 1,064 unique passwords.
The team put together a list of the top 20 most common passwords used by Ashley Madison users, according to the 500-worst list.
“123456,” “password” and “12345678” topped the list. Ashley Madison users also used passwords like “letmein” and “abc123” as log-ins to their accounts.
For the record, both “123456” and “password” topped the list of 2014’s worst passwords list.
“696969” – and a few other passwords we can’t mention in this article due to their sexual nature – were also popular choices by Ashley Madison users.
Tips for creating secure passwords
If any of your passwords made this list, you might want to consider some of the following advice.
Stay away from easy-to-guess passwords like “123456″ or “password” and easy-to-guess identifiers, like your dog’s name.
Numbers included in a password should never be something easy to guess based on the user. That means your age, the current year, or your address are not good choices. Similarly, the longer the password the better.
Passwords that use up to ten upper- and lower-case letters mixed with numbers are proven to be more secure – despite being hard to remember.
One tip is to construct a password from a sentence, mix in a few upper case letters and a number – for example, “There is no place like home,” would become “tiNOplh62.”
And remember, try not to use the same password for any two accounts.