The most common password created last year across the Internet was "password," according to SplashData CEO Morgan Slain.
His company makes software that stores passwords securely to help consumers keep track of the growing number they need to access websites such as e-mail, bank accounts and medical records.
"Changing the O (in 'password') to a zero isn't enough," Slain said. "Hackers have brute-force attacks that quickly look up and try every word in the dictionary very rapidly."
Today, a growing number of websites require a username and password combination. On top of that, some sites require changing passwords periodically, and smartphone apps are asking consumers to remember more and more.
"It's not just 'techies' that are having problems remembering all these passwords, it's everyone," Slain said. "People just use the same one over and over again or write it down, and that's getting risky."
SplashData, based in Los Gatos, Calif., has been making secure password applications that help consumers store many passwords since it was founded in 2000. Slain said his private company has seen a lot of growth in password applications since smartphones started to boom in 2008.
SplashData's password app, SplashID, stores all of a person's passwords in the application behind an encrypted password. The application also will fill in the password automatically on personal computers and can generate random passwords.
SplashID is available for iPhones, iPads, Mac and Windows computers, and Android and BlackBerry devices. SplashID has more than 1 million users on those devices worldwide.
"We're not the only one," Slain said. "Password applications come in handy, and we have noticed a real growth" in companies or applications that offer password storage solutions.
Password management is a relatively crowded space, with dozens of competing applications on the market, including RoboForm, LastPass, Sticky Password, SurfSecret, AnyPassword, TK8 Safe, KeePass, Password Agent, Password Manager XP and TraySafe.
Still, Slain said that the biggest obstacle the company faces is that consumers don't know these apps are available.
Consumers are at risk by using the same password for every website, or using simple passwords such as "12345," Slain said. Hackers and digital criminals have tools that allow them to crack those quickly, and then information can be stolen or compromised.
"It's easy for criminals to see these lists of the most common passwords with a Google search," Slain said. "People don't realize you can compromise a lot of information. You really want to protect an e-mail account."
If an e-mail account is compromised, the worst-case scenario is identity theft. Hackers also can change your password on sites linked to the e-mail, delete e-mails and gain access to bank information.
Rio Salado Community College student Kyle Chank said he has had his bank information compromised, though the bank intervened before any real damage was done.
He admits that he struggles with passwords.
"I basically have four passwords that I rotate," Chank said. "I forget them a lot. I'll just keep trying until I get it, and by the time I log in, I'll have forgotten what the password actually was."
Liam Hausmann, an Apple technical adviser at Arizona State University, said a lot of support calls are from people who forget their password.
And he agrees that having simple passwords defeats the purpose.
"I mean, if you're going to set your password to 'password,' then you don't really understand the point of a password," Hausmann said.
Slain said it's not only "password" that is easy to break. Common names, simple number combinations and one-word passwords are a risk to personal security. He added that smartphones can worsen the problem.
"I don't think people realize how much personal information they store on a smartphone. You have e-mail, contacts, notes, people who store PIN (personal identification) numbers," Slain said. "If you have an app, however, it becomes a handy tool so you can be more productive while staying secure."
Password applications are secure in that they store all the information locally (on the phone or computer) with an encrypted password. So if the phone gets stolen, the information is still safe, and hackers have nothing to gain by going after the company's databases because no data is there.
The application allows users to change the password stored for websites that require users to change their passwords frequently.
"Of course, that makes it harder to remember, so that's where the app comes in handy," Slain said.
SplashID is sold to individuals as well as companies. "The fastest area of growth for us right now is for IT managers who are looking for companywide solutions," Slain said. "They manage passwords for all the employees, and we have SplashID Enterprise for them."
By Kevin C Keller, The Arizona Republic, Oct. 28, 2011, 04:58 PM
Apps help users recall passwords