Transforming IT

One, Two, Buckle My Shoe; Three, Four, Open the Door; Five, Six, Pick Up Sticks......

TSchreider on ‎11-21-2013 10:14 AM

I find this particular attack amazing for two primary reasons: one, that 20% of users would be using passwords that are based on a children's nursery rhyme, and two, that a large software company would allow such a simple password to be created in the first place. There is further irony when one considers the "Open the Door" passage of the rhyme as well as the "Pick Up Sticks" passage. The first passage states the obvious; the second portends the tangled mess one is left with when recovering from the security breach. At least these users were not as bad as the 575,000 users who just used "111111" as their password.


Last year Time magazine published the year's 25 worst passwords. Guess which one was number two on the list? Yes, you guessed it: "123456." Comically, Jesus, Monkey and Ninja all made the top 25 list as well.


For security to work, users and companies have to collaborate. This event is a perfect example of what can go wrong when that collaboration ceases to exist. Users must cooperate in the security process by using strong passwords, and companies must contribute equally by preventing weak passwords. Today's brute-force cracking and dictionary attack techniques can test over one hundred million passwords per second using an average computer and over one billion using a high-end computer. However, these passwords only required a Time magazine article for reference in order to crack them.
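As an added illustration of the company's side of that bargain (example code, not part of the original post), a server-side check can refuse passwords like the ones named above at creation time. The blocklist holds only the passwords this post mentions, and the names `check_password`, `MIN_LENGTH` and `PATTERN_RUN_LIMIT`, along with their values, are assumptions.

```python
import re

# Constructed blocklist holding only the passwords this post names; a real
# deployment would load a large breached-password list (assumption).
BLOCKLIST = {"123456", "111111", "jesus", "monkey", "ninja"}
MIN_LENGTH = 12        # assumed policy value, not from the post
PATTERN_RUN_LIMIT = 4  # assumed: reject runs like "1111" or "3456"

# Undo common character substitutions before the blocklist lookup.
LEET = str.maketrans("013457@$", "oieastas")


def longest_pattern_run(pw):
    """Longest stretch where each character repeats or steps by +1 / -1."""
    best = run = 1 if pw else 0
    prev_step = None
    for a, b in zip(pw, pw[1:]):
        step = ord(b) - ord(a)
        if step not in (-1, 0, 1):
            run = 1
        elif step == prev_step:
            run += 1
        else:
            run = 2
        prev_step = step
        best = max(best, run)
    return best


def check_password(pw):
    """Return the list of policy violations; an empty list means accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if longest_pattern_run(pw) >= PATTERN_RUN_LIMIT:
        reasons.append("pattern_run")
    low = pw.lower()
    base = re.sub(r"[^a-z]+$", "", low)  # drop trailing digits and symbols
    candidates = {low, low.translate(LEET), base, base.translate(LEET)}
    if candidates & BLOCKLIST:
        reasons.append("common_password")
    return reasons


if __name__ == "__main__":
    for sample in ("123456", "111111", "M0nk3y!2013#", "violet-Kettle-harbor-92"):
        print(sample, check_password(sample) or "accepted")
```

Returning every violation at once lets the sign-up form tell the user all that needs fixing in a single round trip.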


You would think that we would be past the point where we have to teach passwords 101, but apparently we are not.


Let me know what your company does to enforce strong passwords or how you would prevent such an incident.

About the Author


Tari is a Distinguished Technologist with 30 years of IT and cyber security experience. He is dual board certified in information security/business continuity and is responsible for a wide range of management and technology consulting services encompassing information security, disaster recovery, privacy, and risk management. His problem-solving skills, knowledge of various technology platforms, compliance statutes, industries, as well as his experience in deploying defense-in-depth and InfoSec Program solution architectures is commonly applied when advising CIOs/CISOs as well as leveraged in numerous HP client engagements throughout the world. Tari has designed, built, and managed some of the world’s largest InfoSec programs allowing them to defend against even the most aggressive attackers.
