Blackberry Bans Weak Passwords to Protect Consumers From Hackers

Gerry Smith
Friday, 7 Dec 2012 | 1:14 PM ET
Source: blackberry.com

Blackberry may be losing ground to Apple's iPhone and Google's Android devices. But its struggling parent company is still known for making some of the most hacker-proof smartphones on the market.

To uphold its reputation for security, BlackBerry-maker Research In Motion has put out a list of 106 passwords that its customers are banned from using because they are too weak. The list included "123456," "pookie," "butthead," "snoopy," as well as Winnie the Pooh characters "Tigger" "piglet" and "poohbear," and the weakest password of them all: password. A complete list was published on the blog Rapid Berry.

Tim Segato, senior product manager for BlackBerry security at RIM, said the list had been identified by industry researchers as among weakest passwords used most often. He said the list applies to Blackberry IDs that allow users to access the company's website, apps and services and doesn't apply to those used to log-in to the device itself.

"BlackBerry continually looks to help its customers protect their confidential information," he said in a statement. "One element of BlackBerry's overall security solution is to limit commonly used passwords on BlackBerry ID."

Blackberry's password blacklist is part of a growing effort among tech companies to force consumers to devise a complex string of characters to log-in to their accounts. The reason is that most Internet users simply can't be trusted to create strong passwords on their own, experts say. Last year, Microsoft banned weak passwords from its email service Hotmail. Google Wallet also rejects easy-to-crack log-ins.

But Blackberry's list of 106 banned passwords hardly covers the myriad of ways that users leave themselves vulnerable by creating simple passwords. Hackers are now using free password-cracking software like "John the Ripper" to test millions of commonly-used passwords from websites that have been breached.

Such programs are effective because most Internet users have just a few passwords that they recycle again and again, so passwords stolen from one company's servers likely hold the keys to accounts with other companies. A 2007 study by Microsoft found that the average Web user keeps 25 separate accounts but uses just 6.5 passwords to protect them.

Security experts say consumers should create long, complex passwords of letters and numbers and use different ones for each account to prevent hackers from figuring them out and wreaking havoc on their digital lives.

  Price   Change %Change


Contact Technology


    Get the best of CNBC in your inbox

    › Learn More
  • Matt Hunter is the senior technology editor at CNBC.com.

  • Cadie Thompson is a tech reporter for the Enterprise Team for CNBC.com.

  • Working from Los Angeles, Boorstin is CNBC's media and entertainment reporter and editor of CNBC.com's Media Money section.

  • Jon Fortt is an on-air editor. He covers the companies, start-ups, and trends that are driving innovation in the industry.

  • Lipton is CNBC's technology correspondent, working from CNBC's Silicon Valley bureau.

  • Mark is CNBC's Silicon Valley/San Francisco Bureau Chief covering technology and digital media.