Username: “administrator,” Password: “password” – yer pwned
- Thursday, December 3, 2009, 12:57
- Threat Research
For years there has been a collective wisdom about creating strong passwords. Briefly:

- don't use a word found in the dictionary
- don't use a word found in the dictionary with a "1" or other number after it
- create a password containing eight characters or more
- use a mix of letters, numbers and punctuation
- don't write your password on a Post-it note and stick it under your keyboard

For user names the big rule is: change any default username or password as soon as you install an operating system or application.

Three people at Microsoft, Francis Allan, Tan Seng and Andrei Saygo, just posted an interesting piece on the company's Threat Research and Response blog confirming most of the above. They reported what they observed while running a honeypot for almost a year, collecting information from real, in-the-wild, dictionary-based attacks.

Here were the most common user names and passwords used by attackers (in order):

User names:

- Administrator
- Administrateur
- admin
- andrew
- dave
- steve
- tsinternetuser
- tsinternetusers
- paul
- adam

Passwords:

- password
- 123456
- #!comment:
- changeme
- F**kyou (they didn't really use the asterisks)
- abc123
- peter
- Michael
- andrew
- matthew

They said that one attacker ran more than 400,000 user name and password combinations in one attack.

Blog piece: "Do and don'ts for p@$$w0rd$"
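The password rules listed above, plus a denylist built from the honeypot's most-tried user names and passwords, turned into a small policy check that an account-creation or password-change handler could call. This is an added example and not code from the post or from Microsoft; the `DICTIONARY` set is a constructed stand-in for a real word list (a deployment would load something like `/usr/share/dict/words`), and the function names are my own.

```python
"""Password and user-name policy check based on the rules in the post above.
Added example; not code from the original post or from Microsoft."""
import re
import string
from typing import List

# Constructed stand-in for a real word list (assumption: a deployment loads a
# full dictionary such as /usr/share/dict/words, lower-cased).
DICTIONARY = {
    "password", "changeme", "peter", "michael", "andrew", "matthew",
    "secret", "welcome", "summer", "dragon",
}

# The most-tried user names and passwords from the honeypot report quoted above.
HONEYPOT_USERNAMES = {
    "Administrator", "Administrateur", "admin", "andrew", "dave", "steve",
    "tsinternetuser", "tsinternetusers", "paul", "adam",
}
HONEYPOT_PASSWORDS = {
    "password", "123456", "#!comment:", "changeme",
    "F**kyou",  # masked with asterisks as on the page
    "abc123", "peter", "Michael", "andrew", "matthew",
}

# Attackers try case variants, so compare case-insensitively.
_HONEYPOT_PASSWORDS_LC = {p.lower() for p in HONEYPOT_PASSWORDS}
_HONEYPOT_USERNAMES_LC = {u.lower() for u in HONEYPOT_USERNAMES}


def password_problems(password: str, dictionary=DICTIONARY) -> List[str]:
    """Return the list of rules the password violates (empty means it passes)."""
    problems = []
    lower = password.lower()

    # Rule: not a dictionary word.
    if lower in dictionary:
        problems.append("dictionary word")

    # Rule: not a dictionary word with a number tacked on ("password1").
    m = re.fullmatch(r"([a-z]+)\d+", lower)
    if m and m.group(1) in dictionary:
        problems.append("dictionary word with a number appended")

    # Rule: eight characters or more.
    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Rule: mix of letters, numbers and punctuation.
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_punct = any(c in string.punctuation for c in password)
    if not (has_letter and has_digit and has_punct):
        problems.append("needs a mix of letters, numbers and punctuation")

    # Denylist: anything the honeypot saw attackers try most often.
    if lower in _HONEYPOT_PASSWORDS_LC:
        problems.append("on the attackers' most-tried password list")

    return problems


def is_default_username(username: str) -> bool:
    """True if the user name is one of the defaults attackers guess first."""
    return username.lower() in _HONEYPOT_USERNAMES_LC


def credentials_acceptable(username: str, password: str) -> bool:
    """Combined check for an account-creation or password-change handler."""
    return not is_default_username(username) and not password_problems(password)


if __name__ == "__main__":
    for user, pw in [("Administrator", "password"), ("jsmith", "Michael1"),
                     ("jsmith", "Tr0ub4dor&3x")]:
        print(user, pw, "->", "default user name" if is_default_username(user) else "ok",
              password_problems(pw) or "ok")
```

The dictionary-plus-digit rule only catches a trailing number; a production check would also normalise common substitutions (`p@ssw0rd`) before the dictionary lookup, and would load the denylist from a much larger breach-derived list than the ten entries the honeypot report gives.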