With that in mind, security consultant Mark Burnett has leaped on the opportunity to… publish 10 million passwords online. In a blog post, Burnett notes how he’s trying to provide “insight into user behavior” that could prove “valuable for furthering password security.”
The whole package is available for download in a single 84.7 MB torrent file, but Burnett includes a disclaimer noting that “by downloading this authentication data you agree not to use it in any manner which is unlawful, illegal, fraudulent or harmful […] including but not limited to fraud, identity theft, or unauthorized computer system access”–an ironclad security arrangement if we’ve ever seen one.
And if there’s one thing Mark Burnett knows, it’s security. Recently he was among the researchers who compiled 2014’s list of the most regularly used passwords. The winning entry on that particular occasion? None other than the embarrassingly easy-to-guess “123456.” Things are getting better, though, he acknowledges. While a certain percentage of users still opt for passwords which can, quite literally, be figured out by running your hand across a keyboard from left to right, the number of people who opt for these passwords is getting smaller as a percentage of the overall pie.
The situation is still pretty bleak, however. One recent survey suggested that not only do many people share passwords at work, but that a significant portion of users would be willing to sell their login information for as little as $150.
If you’re worried that your password may be on the list, don’t be. Well, sort of. The data is already available online, although Burnett brought it together under one digital roof. He also writes that, “these are primarily dead passwords, which cannot be defined as authentication features because dead passwords will not allow you to authenticate. The likelihood of any authentication information included still being valid is low and therefore largely useless for illegal purposes.” While Burnett admits that the whole endeavor is a bit of a legal quagmire, he also goes to great lengths to argue why “the FBI shouldn’t arrest me.”
Until biometric logins become the norm, it is likely that password hiccups like those revealed today will continue to be a routine occurrence. In the meantime, if you’re struggling to create a secure number-and-letter-based password, you could do a whole lot worse than checking out our handy how-to guide here.