Even the Experts Use Weak Passwords

As you may have noticed, the website of Stratfor Global Intelligence was breached at the end of 2011, and 200 GB of data were stolen during the hack. The stolen data, which included passwords and credit cards, was then published publicly.

Security experts pulled the stolen data, ran it through Hashcat, an automated password cracking tool, and found that most Stratfor subscribers were using ‘simple to guess’ passwords.

Those simple passwords are “123456,” “11111111,” and “123123.” Other terribly insecure passwords: “111222333444,” “12345678901,” “administration,” “123456789abc,” “12345stratfor,” “hello123,” “lawenforcement” and “intelligence.” – According to SecurityNewsDaily

Who is to blame for this poor security?

I would say both parties: the subscriber and the web developer. Firstly, the developer enforced only a minimum of six characters with at least one numeric character. That is not sufficient for good security. The developer should have enforced a stricter rule for creating a password.
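The gap between that rule and a stricter one can be measured against the passwords quoted above. The following is an added example, not code from Stratfor or from this post; the thresholds and word lists are assumptions chosen for illustration, loosely following the checks recommended in NIST SP 800-63B (minimum length, repetitive or sequential characters, context-specific and dictionary words).

```python
# Passwords quoted in the article (via SecurityNewsDaily).
LEAKED = ["123456", "11111111", "123123", "111222333444", "12345678901",
          "administration", "123456789abc", "12345stratfor", "hello123",
          "lawenforcement", "intelligence"]

# Assumptions for this example, not Stratfor's real configuration.
MIN_LENGTH = 8
MIN_DISTINCT = 5
CONTEXT_WORDS = {"stratfor", "intelligence"}  # terms from the service's name
# Small constructed stand-in for a real dictionary / breached-password corpus.
DICTIONARY = {"administration", "enforcement", "hello", "password", "welcome"}


def legacy_policy(pw):
    """Rule described in the article: at least six characters and one digit."""
    return len(pw) >= 6 and any(c.isdigit() for c in pw)


def has_sequence(pw, run_len=4):
    """True if pw contains run_len consecutive ascending characters (1234, abcd)."""
    run = 1
    for a, b in zip(pw, pw[1:]):
        run = run + 1 if ord(b) - ord(a) == 1 else 1
        if run >= run_len:
            return True
    return False


def stricter_policy(pw):
    """Return the reasons pw is rejected; an empty list means accepted."""
    low = pw.lower()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if len(set(low)) < MIN_DISTINCT:
        reasons.append("repetitive")
    if has_sequence(low):
        reasons.append("sequential")
    if any(w in low for w in CONTEXT_WORDS):
        reasons.append("context word")
    if any(w in low for w in DICTIONARY):
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    for pw in LEAKED:
        legacy = "accept" if legacy_policy(pw) else "reject"
        print(f"{pw:15} legacy={legacy:7} stricter={stricter_policy(pw) or 'accept'}")
```

Eight of the eleven quoted passwords satisfy the six-characters-plus-digit rule, while every one of them is rejected by the stricter check.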

The end user is also to blame for this poor security. A strong password should be complex and long. I don’t think the web developer prevented subscribers from creating a complex password, so the blame cannot rest entirely on the developer. If you are still not sure how to create a strong password, you can always refer to my post on how to create a strong password.

I don’t have to stress the importance of a strong password. Simple passwords such as the ones mentioned above should not appear in any system, especially as the number of hacking cases has increased over the years.

Lastly, if you are concerned that one of your accounts was compromised in this hack, you can always refer to this page to check.

About Alan Tay

This blog is owned and operated by myMediaInc. My Media operates content based online portals for IT professionals, technology managers and decision makers as well as business leaders. We publish original quality content focused in Software Development, IT Security, SaaS, Cloud Computing, Outsourcing, Project Management and Mobile and Wireless. Our mission is to explore how to help you optimize your resources in each of these areas.

Find us here IT Security Column.


  1. Peter Lee from Computer How To Guide

    It’s totally unbelievable that people are still using those simple combinations as passwords, Alan. They’re either naive (or should I say stupid) or putting too much trust in Stratfor. People should take online security more seriously. Lesson learned for them, I hope.

    • Alan Tay says:

      I am surprised as well on that. As a software engineer, I do feel that the software should be made in a better way where a better security is enforced to guide the user for a better security >.<

  2. Toby Hanks says:

    I heard that it is better to put a dot ( . ) as the first character of a password and that that dot makes hacking harder. Is that true?? Sorry for bad English 🙂

    • Alan Tay says:

      It is okay, Toby. My English is not perfect either. 😉

      I am not too sure about putting a (dot), but if I stumble upon any article which says so, I will post it in this post. The best way is still to make the password long & complicated enough so that it is hard to crack even when using the tools mentioned above.

  3. Laura says:

    A few years ago I was doing some research and was shown a program that you simply put the username in and it tried a selection of around 10,000 passwords on those usernames in a few seconds. If any of them were correct it reported back and you could log in. It was scary stuff and the words it tried were common passwords. The success rate was around 30%.

    People definitely need to mix up their passwords.

  4. Biaria says:

    Well… they should know better! I agree that it’s very tempting to use weak passwords and to use the very same one for everything and not to bother about changing it from time to time… it’s easier and faster, but then the danger of being hacked is very real.

    To avoid any crying over spilt milk in the end, let’s get busy with those passwords and make them lock tight to any predators, it will be worth the effort.

    • Alan Tay says:

      I used to write a guide to create strong passwords but I think for security today, we should use generated passwords and a password manager to manage 😉

  5. ProjectX says:

    But really, the reason why their website got breached is not because of password. But in the poor enforcement of their website security like they don’t have an Open Source Web Application Firewall and not encrypting the passwords.
