Why Is 3sYqo15hiL Such A Popular Password?


Improving your password hygiene is one of the most important things you can do to strengthen your security, so why is 3sYqo15hiL such a popular choice?

Love them or hate them, passwords are not going away any time soon. Sure, Microsoft might want to encourage Windows 10 users to switch to using a PIN instead, but a truly passwordless future isn't in sight just yet. So, with passwords being an important, and some would argue the most important, part of your security posture as a user, choosing the right ones is critical.

You probably already know not to use a common password such as, well, password.

I'm hoping you are not one of those who has pushed 123456 to the top of the most used passwords list, either.

However, I've just been reading an analysis of more than one million leaked passwords found within the data from FTSE100 company breaches and 3sYqo15hiL slapped me in the face like a wet fish in a Monty Python sketch.

3sYqo15hiL was, the analysis revealed, the 21st most used password within this breach data. Which begs the question, why the heck is that? Luckily, the people at Passlo who performed the FTSE100 data breach analysis had the answer.

Digging deeper into the 3sYqo15hiL password mystery

All of the password occurrences were attributed to just one set of accounts, those belonging to Standard Chartered (sc.com) emails, within the data set. The analysts did a little more digging outside of that dataset, however, and quickly found more than 8,000 further occurrences that were associated with various data leaks and appeared to be random. These were paired with fairly random-looking email addresses at hotmail.com, gmail.com, yahoo.com, and so on.

The analysts ruled out falsely inserted data as the cause, not least because the email addresses and passwords were seen across too many data sets, from different sources, and many were found to be active when pinged using SMTP verification. Not only active, the report revealed, but also associated with distinct social media profiles.

Instead, it appears that 3sYqo15hiL is linked to email addresses used for spamming purposes. In other words, it's a common password being applied by a spam bot network that uses free email providers. This doesn't, however, explain why it turns up in emails within the domain of such a large and reputable financial company as Standard Chartered.

Until, that is, you dig back into the history of that domain and discover that until 2009 the sc.com domain was owned by a different company that enabled users to create such email accounts.
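The pattern the analysts describe, a random-looking password shared by many unrelated accounts across several domains, can be surfaced from breach-format records with a simple heuristic. The Python below is an added example, not Passlo's method or code from the report; the character-class test, the thresholds and the `.example` addresses are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed "email:password" records; addresses are not real accounts.
SAMPLE = """\
qx81ab@mail-a.example:3sYqo15hiL
zz09rt@mail-a.example:3sYqo15hiL
kk3l2m@mail-b.example:3sYqo15hiL
p0o9i8@legacy.example:3sYqo15hiL
QX81AB@mail-a.example:3sYqo15hiL
alice@mail-a.example:123456
bob@mail-b.example:123456
carol@legacy.example:123456
dave@mail-b.example:password
erin@mail-a.example:T7#kLm92xQ
this line is malformed
"""

def looks_random(pw, min_len=8, min_classes=3):
    """Assumed heuristic: long enough and mixing 3+ character classes."""
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return len(pw) >= min_len and sum(classes) >= min_classes

def shared_random_passwords(lines, min_accounts=3):
    """Return (password, distinct accounts, per-domain counts), most shared first."""
    accounts = defaultdict(set)
    for line in lines:
        email, sep, pw = line.strip().partition(":")  # a password may contain ':'
        if not sep or "@" not in email:
            continue  # skip malformed records
        accounts[pw].add(email.lower())  # same address in two dumps counts once
    findings = []
    for pw, emails in accounts.items():
        # A manager-style random string should belong to one account only.
        if looks_random(pw) and len(emails) >= min_accounts:
            domains = Counter(e.rsplit("@", 1)[1] for e in emails)
            findings.append((pw, len(emails), dict(domains)))
    return sorted(findings, key=lambda f: -f[1])

if __name__ == "__main__":
    for pw, n, domains in shared_random_passwords(SAMPLE.splitlines()):
        print(f"{pw!r}: {n} accounts across {domains}")
```

Common weak passwords such as 123456 are deliberately excluded by the heuristic, since their reuse is explained by human habit rather than by one actor creating many accounts.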

One password mystery solved, another even bigger one remains

So, there you have it, the mystery of why 3sYqo15hiL is such a common password solved.

Now, if only we could solve the mystery of why people use easily guessed passwords across multiple sites and services rather than employing a password manager application to create random, complex, and strong ones that are unique to each account. A password manager also stores your passwords in an encrypted database secured by one strong master password and is the easiest way of keeping your credentials secure as an individual. Add two-factor authentication (2FA) into the mix for your password manager and any site that offers it, and you have a second layer of protection for good measure.