What were the worst passwords of 2014?

---

Watch these people give Jimmy Kimmel their passwords on national TV.

---

Undoubtedly, cybersecurity stole the headlines of 2014. It seemed every week, there was another high-profile breach, whether the aftermath of Target and Home Depot, attacks against big-box retailers like Michaels and Neiman Marcus, or the massive incidents around JPMorgan Chase and Sony. However, even at its most rudimentary level, we’re finding that a majority of people fail to abide by common login best practices when accessing their personal data.

According to SplashData’s annual list of the worst passwords, compiled from more than 3.3 million leaked codes throughout the web during the past year, many of us aren’t too concerned about our digital security… at least when it comes to sign-in credentials. And apparently, some of us are more than happy to share them national television. Jimmy Kimmel’s producers recently went around the streets of Los Angeles to assess people’s password security.

Surely enough, the Jimmy Kimmel Live cast was able to get those passing by to reveal their “secret” credentials directly into the mic. Don’t believe us? Watch it below! 

So what were some of 2014’s top passwords?

1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 123456789
7. 1234
8. baseball
9. dragon
10. football
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang
17. access
18. shadow
19. master
20. michael
21. superman
22. 696969
23. 123123
24. batman
25. trustno1

 

Atmel powers HackADay’s (offline) Password Keeper

The HackADay crew has chosen Atmel’s ATmega 32U4 microcontroller (MCU) to power its offline password keeper. Known as “Mooltipass,” the platform is also equipped with an easily readable screen, a read-protected smart-card (AT88SC102) and flash memory to store encrypted passwords.

“Atmel’s ATmega 32U4 is the same microcontroller [found] in the Arduino Leonardo, allowing us to use the numerous libraries that have been developed for it. In the final schematics, we’ll add an expansion connector so users may connect additional peripherals (we may switch to a FOUR4 layers PCB at this point),” explained HackADay’s Mathieu Stephan. “The microcontroller’s USB lines are protected from ESD by the IP4234CZ6. For encrypted password storage, we found the cheap 1Mbit AT45DB011D FLASH which also has 2/4/16Mbits pin compatible versions. If our beta testers find that 1Mbit is not enough, upgrading the Mooltipass would be easy.”

As noted above, Atmel’s AT88SC102 was chosen to be the secure smart-card, which offers 1024bits read/write protected EEPROM. In terms of the display, Stephan says the team has temporarily opted for the OLED screen shown in the picture above, although the creation of another mooltipass version with an IPS LCD is more than likely.

“These components choices made the voltages electronics fairly simple. The whole solution is powered by the ~5V coming from the USB, and the ~3.3V required by both the flash and the display is provided by the ATmega32U4 internal LDO regulator (~55mA @ 3.0 to 3.6V),” Stephan continued.

“The +12V also needed by the display is generated by a $1 regulated charge pump DC-DC converter. If we had to use a conventional step-up, the component count (and cost) would be much higher. Notice that we put a P-MOSFET in series with the latter as the output voltage when the DC-DC is not working is not 0V but VCC (here +5V). We also used another P-MOSFET to switch the power supply going to the smart card.”

In addition, the HackADay crew selected two resistor networks R6&R7 as voltage dividers to transform 5V signals to 3.3V.

“Fortunately, the ATmega32U4 can receive LVTTL signals, so we don’t need level shifters to get the data coming from the 3.3v-powered flash memory,” he added.

Interested in learning more about the Atmel-powered Mooltipass? You can check out the project’s official dedicated Google Group page here.

Going CryptoRF with Atmel

Earlier this week, Bits & Pieces dove into Atmel’s industry-leading performance portfolio for RF devices operating in license-free ISM frequency bands, including 5.8 GHz, 2.4 GHz, 868 to 928 MHz, 433 MHz and 315 MHz.

Today, we’re going to discuss Atmel’s CryptoRF lineup, a 13.56MHz RFID (radio-frequency identification) device family equipped with a 64-bit embedded hardware encryption engine, mutual authentication capability and up to 64Kbits of user memory.

“These low-cost chips are virtually impossible to copy and offer hardware security that is superior to software security solutions,” an Atmel engineering rep told Bits & Pieces. “As such, CryptoRF ICs are ideal for applications that are prone to counterfeiting, require a permanent chain of ownership, or use contactless smart cards for cash transactions. They are also appropriate for use in adverse environmental conditions where dust, dampness, or temperature extremes can cause problems for digital devices.”

As noted above, CryptoRF devices are safer than standard passwords, simply because mutual authentication between host and client is accomplished with a unique cryptogram randomly generated for each transaction. Meanwhile, a key diversification scheme limits any attack to only one unit, with user memory divided into as many as 16 separate sections – allowing several different levels of read and write access.

Additional key specs include:

• Diverse packages – The chips are available in many multiple shapes and sizes; tags in a variety of shapes can be developed for high-volume application.
• Host-side simplicity – The Atmel CryptoCompanion chip provides simple, plug-and-play authentication on a host (interrogator) device.
• Development tools – Comprehensive reference designs, demonstration kits and application software facilitate implementation into existing products.

Interested in learning more about Atmel’s CryptoRF portfolio? A full breakdown is available here.