Blackberry Bans Weak Passwords To Protect Consumers From Hackers

Blackberry may be losing ground to Apple's iPhone and Google's Android devices. But its struggling parent company is still known for making some of the most hacker-proof smartphones on the market.

To uphold its reputation for security, BlackBerry-maker Research In Motion Ltd. (RIM) has put out a list of 106 passwords that its customers are banned from using because they are too weak. The list included "123456," "pookie," "butthead," "snoopy," as well as Winnie the Pooh characters "Tigger" "piglet" and "poohbear," and the weakest password of them all: password. A complete list was published on the blog Rapid Berry.

Tim Segato, senior product manager for BlackBerry security at RIM, said the list had been identified by industry researchers as among weakest passwords used most often. He said the list applies to Blackberry IDs that allow users to access the company's website, apps and services and doesn't apply to those used to log-in to the device itself.

“BlackBerry continually looks to help its customers protect their confidential information," he said in a statement. "One element of BlackBerry’s overall security solution is to limit commonly used passwords on BlackBerry ID."

Blackberry's password blacklist is part of a growing effort among tech companies to force consumers to devise a complex string of characters to log-in to their accounts. The reason is that most Internet users simply can't be trusted to create strong passwords on their own, experts say. Last year, Microsoft banned weak passwords from its email service Hotmail. Google Wallet also rejects easy-to-crack log-ins.

But Blackberry's list of 106 banned passwords hardly covers the myriad of ways that users leave themselves vulnerable by creating simple passwords. Hackers are now using free password-cracking software like "John the Ripper" to test millions of commonly-used passwords from websites that have been breached.

Such programs are effective because most Internet users have just a few passwords that they recycle again and again, so passwords stolen from one company's servers likely hold the keys to accounts with other companies. A 2007 study by Microsoft found that the average Web user keeps 25 separate accounts but uses just 6.5 passwords to protect them.

Security experts say consumers should create long, complex passwords of letters and numbers and use different ones for each account to prevent hackers from figuring them out and wreaking havoc on their digital lives.