Even rocket scientists use dumb passwords

We may earn a commission from links on this page.
Image for article titled Even rocket scientists use dumb passwords

The world’s largest professional organization of engineers exposed nearly 100,000 passwords of its members on a publicly available server, a computer scientist in Denmark reported today. But many of the eggheaded engineers had passwords just as obvious and insecure as the rest of us.

The Institute of Electrical and Electronics Engineers just confirmed the incident in an email to me, apologizing for the breach and saying “the issue has been addressed and resolved.” Radu Dragusin, the programmer who first discovered the exposed passwords, usernames, and other information, published a fascinating analysis of the data at ieeelog.com, including some maps of IEEE’s far-flung members. But I fixated on his list of the most common passwords:

  1. 123456
  2. ieee2012
  3. 12345678
  4. 123456789
  5. password
  6. library
  7. 1234567890
  8. 123
  9. 12345
  10. 1234
  11. ADMIN123
  12. IEEE2012
  13. student
  14. ieee2011
  15. SUNIV358
  16. Password
  17. abcd1234
  18. admin

There’s an argument to be made that certain passwords, like those you might use to log into a professional organization’s website, shouldn’t be as secure as, say, an email password. An engineer using “123456” to log into the IEEE’s website may look silly but probably doesn’t have to worry about their more important accounts, which should have stronger passwords. Still, “password” and “abcd1234” are generally inadvisable passwords, no matter what. And it’s striking that the most popular passwords among these engineers are similar to a larger set of passwords from Yahoo users that were exposed this summer.