As a rule, rogue Android apps don’t last long on Google Play — either Google catches them quickly, or enough people complain that something gets done. That doesn’t appear to have happened with a recent batch of apps, though. Antivirus developer Avast has noticed that multiple titles, including some with millions of downloads, have been harboring a sneaky form of adware that tries to fool you into either paying for content or violating your privacy. The apps will often work normally for days, but eventually pester you with ads warning about non-existent updates and viruses every time you unlock your phone. If you’re tempted enough to tap one of the ads, you’re steered to far more dangerous content that may send premium text messages (without asking, naturally), harvest personal info or otherwise compromise your device.
At least some of the offending apps are gone as I write this, so there’s no doubt that Google is clamping down. However, it does raise the question of why these apps managed to get relatively popular before the hammer fell — even if they were pumped up by fake downloads, there were negative reviews indicating that something was amiss. We’ve reached out to Google to get more details about what happened and what it might be doing to mitigate these problems in the future. For now, your best defenses are to either install only the apps you trust, or to read reviews carefully before you take the plunge.
People Are Still Using Terrible Passwords
Imagine you have a house where you keep your valuables. The rooms contain expensive family heirlooms, wads of cash and photos from that once-in-a-lifetime trip. You always make sure to keep the house locked, and you’re the only one with a key to the place. Now, would you hide the key under a welcome mat that reads: “There’s a key under here”?
Obviously, this seems foolish. Now think of that house as the Internet, and instead of heirlooms, it has your banking information and Social Security number. There are still photos, but there is also access to your work files. Your password is the key that keeps it all safe, so if you pick a password like “123456,” you’re essentially giving cybercriminals a spare key to your sensitive data.
We’ve told you this before, but it seems a refresher might be in order.
The Internet security app company SplashData has released its latest list of the worst passwords of the year. Once again, the dubious honor of the top slot goes to the geniuses who keep “123456” as their password of choice, though “12345” and “12345678” were also in the top five.
The worst passwords aren’t simply numerical. The silver medal in this event of computer carelessness goes to whoever uses “password” as a password. That includes you, Sony Pictures.
New to the list are the words “access,” “superman,” “batman,” “master” and “michael.” You can see the full collection of 25 cybersecurity fails here, but it’d probably be more useful to check out this infographic on how to create a password that’s effective.
More for this article:
“123456” Maintains the Top Spot on SplashData’s Annual “Worst Passwords” List
The 2014 list of worst passwords demonstrates the importance of keeping names, simple numeric patterns, sports and swear words out of your passwords.
Worst Passwords of 2014
SplashData has announced its annual list of the 25 most common passwords found on the Internet – thus making them the “Worst Passwords” that will expose anybody to being hacked or having their identities stolen. In its fourth annual report, compiled from more than 3.3 million leaked passwords during the year, “123456” and “password” continue to hold the top two spots that they have held each year since the first list in 2011. Other passwords in the top 10 include “qwerty,” “dragon,” and “football.”
As in past years’ lists, simple numerical passwords remain common, with nine of the top 25 passwords on the 2014 list comprised of numbers only.
Passwords appearing for the first time on SplashData’s list include “696969” and “batman.”
While Valentine’s Day is less than a month away, “iloveyou” is one of the nine passwords from 2013 to fall off the 2014 list.
According to SplashData, the passwords evaluated for the 2014 list were mostly held by users in North America and Western Europe. In 2014, millions of passwords from Russian accounts were also leaked, but these passwords were not included in the analysis.
SplashData’s list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords.
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
For example, users should avoid a sequence such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx” which comprises the first two ‘columns’ of numbers and letters on a keyboard.
Other tips from a review of this year’s Worst Passwords List include:
- Don’t use a favorite sport as your password – “baseball” and “football” are in the top 10, and “hockey,” “soccer” and “golfer” are in the top 100. Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
- Don’t use your birthday or especially just your birth year — 1989, 1990, 1991, and 1992 are all in the top 100.
- While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.
Also in the top 100 are swear words and phrases, hobbies, famous athletes, car brands, and film names.
This is the first year that SplashData has collaborated on the list with Mark Burnett, online security expert and author of “Perfect Passwords” (http://www.xato.net).
“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” Burnett said. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”
SplashData, provider of the SplashID line of password management applications, releases its annual list in an effort to encourage the adoption of stronger passwords. Slain says, “As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”
Presenting SplashData’s “Worst Passwords of 2014”:
1 123456 (Unchanged from 2013)
2 password (Unchanged)
3 12345 (Up 17)
4 12345678 (Down 1)
5 qwerty (Down 1)
6 1234567890 (Unchanged)
7 1234 (Up 9)
8 baseball (New)
9 dragon (New)
10 football (New)
11 1234567 (Down 4)
12 monkey (Up 5)
13 letmein (Up 1)
14 abc123 (Down 9)
15 111111 (Down 8)
16 mustang (New)
17 access (New)
18 shadow (Unchanged)
19 master (New)
20 michael (New)
21 superman (New)
22 696969 (New)
23 123123 (Down 12)
24 batman (New)
25 trustno1 (Down 1)
SplashData offers three simple tips to be safer from hackers online:
1. Use passwords of eight characters or more with mixed types of characters.
2. Avoid using the same username/password combination for multiple websites.
3. Use a password manager such as SplashID to organize and protect passwords, generate random passwords, and automatically log into websites.
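The weak-password classes described above (entries on the top-25 list, digits-only strings, birth years, keyboard patterns such as “qwertyuiop” and “1qaz2wsx,” and passwords that miss the eight-character, mixed-type tip) can be checked at sign-up or password change. The following is an added example, not code from SplashData or the original articles; the function names, the US QWERTY layout and the three-key minimum run are assumptions.

```python
import re

# The 25 entries from SplashData's 2014 list reproduced on this page.
WORST_2014 = set("""123456 password 12345 12345678 qwerty 1234567890 1234
baseball dragon football 1234567 monkey letmein abc123 111111 mustang access
shadow master michael superman 696969 123123 batman trustno1""".split())

# US QWERTY rows and diagonal "columns" (the layout is an assumption).
_LINES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
          "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
_LINES += [s[::-1] for s in _LINES]  # walks typed in the reverse direction

def is_keyboard_walk(pw, min_run=3):
    """True if pw splits entirely into runs (>= min_run keys) along a row or column."""
    pw = pw.lower()
    n = len(pw)
    reachable = [True] + [False] * n  # reachable[i]: pw[:i] is made of whole runs
    for i in range(n):
        if not reachable[i]:
            continue
        for j in range(i + min_run, n + 1):
            if any(pw[i:j] in line for line in _LINES):
                reachable[j] = True
    return n >= min_run and reachable[n]

def screen(pw):
    """Return the reasons pw should be rejected; an empty list means none found."""
    reasons = []
    if pw.lower() in WORST_2014:
        reasons.append("on 2014 worst-passwords list")
    if pw.isdigit():
        reasons.append("digits only")
    if re.fullmatch(r"(19|20)\d\d", pw):
        reasons.append("looks like a birth year")
    if is_keyboard_walk(pw):
        reasons.append("keyboard pattern")
    if len(pw) < 8:
        reasons.append("shorter than eight characters")
    classes = {"lower" if c.islower() else "upper" if c.isupper() else
               "digit" if c.isdigit() else "other" for c in pw}
    if len(classes) < 2:
        reasons.append("single character type")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "1qaz2wsx", "1989", "michael", "v7#Lq9!tRz2m"]:
        print(candidate, "->", screen(candidate) or "no weak pattern found")
```

An empty result only means none of the patterns named on this page matched; names, teams and other top-100 entries that the page mentions but does not list in full would need a larger blocklist.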