Cybercriminals recently stole more than $1 million from a county hospital in Leavenworth, Washington, by hacking into the medical center's accounting system. By the time the head office had noticed anomalies in three payroll files, more than $1 million worth of payroll transactions had been processed and deposited into the bank accounts of 96 "mules" and then siphoned off by the fraudsters.

When AP’s Twitter account was hacked and the hackers tweeted about explosions at the White House, the Dow Industrial Average lost about 140 points. Although the losses were quickly recovered, the incident highlighted the damage that can be inflicted with a hacked password. And because password theft is usually behind social media account hacking, security experts were quick to point out the importance of password security and make suggestions to strengthen security by using two-factor authentication.

90% of Passwords are Hackable

On the Intel website, a page entitled How Strong is Your Password prompts you to test your password writing skills.

“A strong password is your front line of digital protection. It is your personal digital superpower, and it's easy to make stronger,” advises the website.

According to the site, my password would take 3.678 million years to crack, but clearly that isn’t always the case.

Password Mistakes

FREE Investigation Report Template

Prepare thorough, consistent investigation reports with our free report template.

Download Template

The largest-ever study of password security, the science of guessing: analyzing an anonymized corpus of 70 million passwords, found that many people:

• use the same passwords for many accounts, including bank accounts.
• don’t know how to create a strong password.
• don’t change their passwords
• use easy-to-guess passwords

Authors of the study also found that:

“There is a clear trend towards stronger passwords amongst users who actively change their password, with users who have changed passwords 5 or more times being one of the strongest groups.

There is a weaker trend towards stronger passwords amongst users who have completed an email-based password recovery. However, users who have had their password reset manually after reporting their account compromised do not choose better passwords

Users who log in infrequently, judging by the time of previous login before observation in our experiment, choose slightly better passwords. A much stronger trend is that users who have recently logged in from multiple locations choose relatively strong passwords.”

Are Your Employees Using These?

An annual study by SplashData of the most commonly used passwords found that password, 123456 and 12345678 are still the most popular. Hard to believe considering that security experts have been warning people for years to use more secure passwords.

Here’s the top 10 of SplashData’s worst passwords of 2012:

• password
• 123456
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball

How to Create a Hack-Proof Password

Intel also provides a handy trick for creating passwords that are unique, memorable and hard to crack.

1. Pick a phrase that’s easy to remember
2. Change some of the letters to numbers, capitals and symbols
3. Customize them to your accounts

Requiring employees to use strong passwords can go a long way in keeping your company data safe.