In the last week tens of thousands of people have been hit by a major attack that harvested not only email addresses and passwords, but also their ‘security question’ and their alternate email address and password.
This meant that not only could spam email be sent from those accounts, but if the user changed the password, the spammers could still log in. They’d simply use the ‘forgot your password?’ link and log into that alternate address (that they’d also be sending spam from) to get the new password.
This is the biggest scam of this type so far and it’s highlighted some interesting points. Researchers who were able to get a look at the initial lists of 30,000 email addresses were able to study the email passwords to look for trends.
They discovered that the most common password was “123456” with a great many people also using “password”. The second most common password was “123456789”.
Further study revealed that a significant proportion of people were using their date of birth. This is doubly insecure as you not only have an obvious password if someone knows your date of birth, but you’re also giving away your date of birth once someone discovers your password.
42% of all passwords used only lower case letters, 19% were purely numeric and only a paltry 6% used a mix of alpha-numeric and other characters, which is quite alarming.
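The kind of breakdown the researchers describe can be run by a defender over their own password list or at sign-up time. The sketch below is an added example, not the researchers' code: the category names, the date layouts, the 19xx century assumption for six-digit dates and the sample list are all assumptions made here, and only the three common passwords come from the article.

```python
import re
from collections import Counter
from datetime import date

# The three passwords the article names as most common in the leaked list.
COMMON = {"123456", "123456789", "password"}


def looks_like_date(pw):
    """True if pw is 6 or 8 digits (separators / . - allowed) forming a valid date."""
    d = re.sub(r"[/.\-]", "", pw)
    if not d.isdigit() or len(d) not in (6, 8):
        return False
    if len(d) == 8:   # (day, month, year) for DDMMYYYY, MMDDYYYY, YYYYMMDD
        layouts = [(d[0:2], d[2:4], d[4:8]), (d[2:4], d[0:2], d[4:8]),
                   (d[6:8], d[4:6], d[0:4])]
    else:             # DDMMYY, MMDDYY; the century is assumed to be 19xx
        layouts = [(d[0:2], d[2:4], "19" + d[4:6]), (d[2:4], d[0:2], "19" + d[4:6])]
    for day, month, year in layouts:
        try:
            date(int(year), int(month), int(day))
        except ValueError:
            continue
        if 1900 <= int(year) <= date.today().year:
            return True
    return False


def classify(pw):
    """Return the first weakness that applies, else 'mixed' or 'other'."""
    if pw.lower() in COMMON:
        return "common"
    if looks_like_date(pw):
        return "date-like"
    if pw.isdigit():
        return "numeric-only"
    if re.fullmatch(r"[a-z]+", pw):
        return "lowercase-only"
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    return "mixed" if has_letter and has_digit and has_other else "other"


def audit(passwords):
    """Tally a password list by category."""
    return Counter(classify(p) for p in passwords)


# Constructed sample input, not data from the leaked list.
SAMPLE = ["123456", "password", "123456789", "sunshine", "14021985",
          "02/14/1985", "7710442", "Tr1cky!pass", "Hello2009", "qwerty"]
```

Because `classify` returns the first weakness that applies, a password such as "123456" is counted as common rather than numeric-only, so the tallies will not line up one-to-one with the article's percentages.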
In order to create a strong password you should have a mix of letters, in both upper and