According to various online sources, the 25 most common passwords exposed in the recent Sony breach are as follows:
…seinfeld, password, winner, 123456, purple, sweeps, contest, princess, maggie, 9452, peanut, shadow, ginger, michael, buster, sunshine, tigger, cookie, george, summer, taylor, bosco, abc123, ashley, bailey…
Every one of the passwords listed above appears in the “password dictionaries” (wordlists) that are freely available online, so a dictionary attack against a stolen password database recovers them almost immediately. This should get you thinking about the password scheme you use for your personal online accounts, and especially for your work-related accounts.
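The following is an added example (not code from the original post) showing what a dictionary check looks like when it is wired into a password-change flow. It goes slightly beyond the plain lookup described above: it also undoes the simple mangling rules (appended digits, trailing punctuation, "leet" substitutions) that cracking tools apply to every wordlist entry, so "Password1" and "P@ssw0rd!" are rejected along with "password". The wordlist is a constructed sample built from the 25 entries quoted above, and the 12-character minimum is an assumed example policy, not a quoted standard.

```python
import re

# Constructed sample: the 25 passwords quoted above. A real deployment would
# load a full public wordlist from disk instead of this inline set.
SAMPLE_DICTIONARY = {
    "seinfeld", "password", "winner", "123456", "purple", "sweeps", "contest",
    "princess", "maggie", "9452", "peanut", "shadow", "ginger", "michael",
    "buster", "sunshine", "tigger", "cookie", "george", "summer", "taylor",
    "bosco", "abc123", "ashley", "bailey",
}

# Common "leet" substitutions that rule-based crackers undo before a lookup.
LEET_MAP = str.maketrans({
    "@": "a", "$": "s", "!": "i", "0": "o", "1": "l",
    "3": "e", "4": "a", "5": "s", "7": "t",
})

# Leading or trailing runs of digits, punctuation and underscores.
_EDGE_JUNK = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def candidate_forms(password):
    """Return the base forms a cracker's mangling rules would try, in order:
    lowercased, with leading/trailing digits and symbols stripped, and each of
    those with leet substitutions undone. Empty strings and duplicates are dropped."""
    lowered = password.lower()
    stripped = _EDGE_JUNK.sub("", lowered)
    forms = [
        lowered,
        stripped,
        lowered.translate(LEET_MAP),
        stripped.translate(LEET_MAP),
    ]
    seen, out = set(), []
    for form in forms:
        if form and form not in seen:
            seen.add(form)
            out.append(form)
    return out


def in_dictionary(password, dictionary=SAMPLE_DICTIONARY):
    """Return the dictionary entry the password reduces to, or None if none matches."""
    for form in candidate_forms(password):
        if form in dictionary:
            return form
    return None


def check_password(password, min_length=12, dictionary=SAMPLE_DICTIONARY):
    """Return a list of policy failures; an empty list means the password passes.
    The 12-character minimum is an assumed example policy (hypothetical value)."""
    failures = []
    if len(password) < min_length:
        failures.append("too_short")
    hit = in_dictionary(password, dictionary)
    if hit is not None:
        failures.append(f"dictionary:{hit}")
    if password.isdigit():
        failures.append("all_digits")
    return failures


if __name__ == "__main__":
    for pw in ("Password1", "P@ssw0rd!", "Tigger2011", "123456",
               "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
```

The point of `candidate_forms` is that a wordlist check which only compares the literal string is easy to satisfy with "password1"; crackers apply exactly these transformations, so the policy check has to apply them too. In production the lookup should run against a large wordlist (ideally including the organisation's own breach-derived entries) and be applied at password-change time, where a rejection costs the user a few seconds rather than the business an incident.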
Section 8 of PCI DSS stipulates the following requirements for passwords related to the cardholder data environment:
For personal online accounts, I certainly adhere to numbers 1, 4 and 5. Changing work-related passwords is quite important. Take a moment to consider the fact that an employee who has been gone for months (or years!) might still be able to access critical business systems. It is a scary thought.
So, take a few minutes today to think about your business password policies and start the process of making them more robust.