Adobe's security breach just got worse for the company and the world, after a security researcher revealed that 1.9 million of the company's customers us the string “123456” as their password.
The researcher in question is Jeremi Gosney of the Stricture Group, whose Twitter profile claims The Reg has in the past labelled him a “password security expert”. Gosney says he came across the purloined passwords on one of several online dumps and analysed them to see which passwords are most-used by Adobe customers.
The list makes for ugly reading. Here's the top 20.
|Password||Number of users|
Gosney's posted the top 100 here.
Adobe first said three million passwords were pinched in the raid, then upped that number to 38 million and raised the prospect of 150 million people being at risk.
Whatever the number, the results make Vulture South wonder if criminals should have bothered breaking in to steal them: with 1.9 million users relying on “123456” there's a better than one in one hundred chance of unlocking an Adobe account with blind luck.
That this should be the case says a lot about Adobe's password regulations, and maybe Adobe users too. To be fair to the company it's conceivable that many of its users signed up in days of yore, before complex passwords were either necessary or fashionable.
A counter-argument is that the company should have encouraged users to adopt more secure passwords a long time ago. It's doing so now: accounts have been frozen until users reset their passwords. ®