Ashley Madison is a popular Canadian resource for users who do not mind to leave the line of a faithful husband and have some fun on the side. The basis for the creation of Ashley Madison was the idea of a dating site for the purpose of adultery, which is evident from the motto on its main page «Life is short. Have an affair ».
August 19, 2015 was a “fateful day” for many users of the site, as well as for their spouses, as a group of hackers “The Impact Team” have successfully compromised 11.7 million user passwords and posted on the Internet the data of 36-million people who used the services of Ashley Madison.
The list of popular Ashley Madison passwords
The team of hackers CynoSure Prime have analyzed the data of the most popular Ashley Madison passwords and found out that more than 15 million of them have been cracked by the algorithm MD5, which makes the process of brute force much easier. The published statistics shows that among 11,716,208 users of the site only 4,867,246 people used a unique password to protect data, while the remaining users did not worry about the security of confidential information and used standard overused passwords. Moreover, in 630,000 cases the password and the username were completely the same.
Most passwords were extremely simple: mostly lowercase letters, sometimes with numbers. Brute force probably began according to the list of most common passwords in keeping with the version of the list created in 2005, “500 worst passwords of all times”. And it has paid off. The ten most popular passwords in 2015 among the Ashley Madison cheaters are included in the top twenty of the easiest passwords in the world.
Below is the list of the most frequently used passwords according to the hackers of Ashley Madison:
As we can see, most of the passwords used by people are too simple and predictable, but due to human laziness, lack of wit, or the inability to remember complex combinations people continue using them. Thus, users keep making the same mistakes, which in inappropriate moments bring a lot of unexpected troubles, it’s painful and it hurts in the most vulnerable places. In the Ashley Madison users’ case, it can even destroy families.
Two-factor authentication – a way out for the predictability of most commonly used passwords and the ideal solution for data protection
Experts believe that the hacking of Ashley Madison was successful because of the carelessness of the developers of the resource, even though it is not known whose fault it was. But the result is obvious. Having started their work in 2001, the creators of the site used a one-step authentication, which means using only a username and password. One-factor authentication gave all the ‘trumps’ to the hackers, and they could easily compromise the accounts.
This would not have happened if the login to the site was carried out by means of two-factor authentication, which means that after the entering of login and password a one-time password is sent to the user’s mobile phone, token, or email. This one time password might be the deterrent that would protect adulterers’ profiles from being compromised, and keep their unaware wives and husbands from unpleasant discoveries.