Antivirus and security provider Avast has been winnowing through the user passwords leaked by the Ashley Madison hackers, and based on its findings, it appears that a significant number of the cheating website’s clients were using weak passwords.
When Ashley Madison was hacked, experts said that although the website was vulnerable to the data breach, Ashley Madison did protect its users by storing bcrypt-hashed passwords. However, not even the best hashing can fully protect a weak password.
Avast’s researchers opted to run lists of common passwords against a relatively small sampling of the passwords available.
What they came up with after two weeks of cracking was a list of the site’s top 20 most commonly used bad passwords ‘they could ever imagine’, even though clients knew they were registering on an adultery website.
To analyze the passwords, the security company looked at the first million passwords from the Ashley Madison database to determine which of them were the weakest. Using a password-cracking utility known as hashcat, they compared the available information with a list from 2008 called the “500 worst passwords of all time,” and with another list that includes 14 million passwords from the 2009 RockYou hack.
Note that Avast says the list comes from the first million Ashley Madison passwords after the site was launched in 2001, so perhaps those users weren’t as concerned about their privacy as they might be now.
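The point made above, that a salted slow hash does not save a password found on a common-password list, shown as an added example (not Avast's tooling and not code from the article). It assumes PBKDF2 from Python's standard library as a stand-in for bcrypt; the wordlist, user names, work factor and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor for this demo, not a recommendation

def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash (PBKDF2 standing in for bcrypt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(password: str) -> tuple[bytes, bytes]:
    """Store only a per-user random salt and the slow hash."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)

def audit(store: dict, wordlist: list[str]) -> tuple[dict, int]:
    """Password audit: return ({user: listed_password}, hashes_computed).

    Per-user salts force one slow hash per (user, candidate) pair, so the
    cost grows with users x wordlist, but a listed password still falls
    after at most len(wordlist) hashes.
    """
    weak, computed = {}, 0
    for user, (salt, digest) in store.items():
        for candidate in wordlist:
            computed += 1
            if hmac.compare_digest(slow_hash(candidate, salt), digest):
                weak[user] = candidate
                break
    return weak, computed

def acceptable(password: str, wordlist: list[str]) -> bool:
    """Registration-time mitigation: refuse anything on the common list."""
    return password.lower() not in {w.lower() for w in wordlist}

# Constructed sample data: a tiny common-password list and three accounts.
COMMON = ["123456", "password", "qwerty", "letmein"]
STORE = {
    "user_a": register("123456"),
    "user_b": register("qwerty"),
    "user_c": register("T7#vq9!mZr-Lw2pX"),
}

if __name__ == "__main__":
    weak, computed = audit(STORE, COMMON)
    print(f"{len(weak)} of {len(STORE)} accounts matched after {computed} hashes")
    for user, pw in weak.items():
        print(f"  {user}: on common list ({pw!r})")
```

Checking new passwords with `acceptable` before they are ever hashed is what closes the gap the audit exposes.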
The top 20 worst Ashley Madison passwords were: