Just before the holiday weekend, as their final act of defiance in 2011, AntiSec supporters published nearly a million records taken during the Christmas Eve attack on Strategic Forecasting Inc. The Tech Herald has examined the list of 860,160 passwords hashes that were leaked, and the results of our tests were both expected and pitiful.
We’re sorry to report that the state of password management and creation is still living in the Dark Ages.
The statistical breakdown of the passwords below should shock no one. The usage of passwords that are easily guessed or cracked by the majority of people online is just expected these days. So while examining the Stratfor password list leaked by AntiSec, we were not surprised to see seriously weak passwords.
Yet, the people on the Stratfor list, and the companies or government agencies they represent, know better than to use such shoddy passwords. These organizations have the capacity to enforce strong password usage. The individuals representing these organizations cannot offer a single excuse as to why they selected such an impressive collection of horrible authentication credentials. They’re supposed to care about authentication and access, yet they use things like ‘qwerty’ for a password.
It doesn’t matter if their respective Stratfor accounts were viewed as nonessential or less valuable, because the general tone of the passwords selected by the users were personal in nature. This paints a picture of someone who is used to using a password that is easy to recall, which also means they are likely to reuse it.