After a hacker broke into a website and stole 32 million passwords – and published them – an analysis of the codewords came up with a list of the top ten really bad passwords people use.

1. 123456

2. 12345

3, 123456789

4. Password

5. iloveyou

6. princess

7. rockyou

8. 1234567

9. 12345678

10. abc123

The report is of course useful for those of us who get a little lazy with passwords. It explains how super-technology-savvy hackers can break into sites with computers that come up with our bad passwords in seconds. But it is also valuable for contractors or agencies that have a lot of computers – both in the field and in offices. The report is also loaded with password information that can help IT managers.

The analysis was done by Imperva, and the company’s White Paper Report (find it an Imperva.com) shows that despite what we thought was increasing sophistication on the part of web users, bad passwords have been the rule for 20 years.

So what makes a good password according to the report? A simple rule of thumb says it should contain at least eight characters, and it should contain a mix of four different types of characters – upper case letters, lower case letters, numbers, and special characters such as !@#$%^&*,;” If there is only one letter or special character, it should not be either the first or last character in the password.

Imperva’s report also cites expert Bruce Schneier who advises “take a sentence and turn it into a password. Something like “This little piggy went to market” might become “tlpWENT2m”. That nine-character password won’t be in anyone’s dictionary.” Schneier also says use a different password for all sites – even for the ones where privacy isn’t an issue.

To help remember the passwords, Imperva folks suggest writing them down and put the paper in your wallet. “But just write the sentence – or better yet – a hint that will help you remember your sentence.”

One last piece of advice. Never trust a third party with your important password.

Oh, and why is rockyou on the list? Because that was the name of the hacked site. Guess what the people who used this use when they choose a password for Facebook. v

Stormwater regs change course

EPA is continuing work on a first-time national rule that would set new standards to control stormwater discharges from developed sites, due by November 2012.

Associated General Contractors of America (AGC) says that as a result of its advocacy work, “EPA has decided to not require contractors to respond to a lengthy, mandatory survey that will guide and inform future requirements pertaining to long-term stormwater control practices, recognizing that contractors are not responsible for designing, financing, operating or maintaining post-construction (permanent) stormwater controls.”

EPA initiated a national rulemaking to establish a program to reduce stormwater discharges from new development and redevelopment and make other regulatory improvements to strengthen its stormwater program, says AGC. Last year EPA indicated that it would be asking contractors questions that AGC estimated would have taken a construction firm between 120 to 150 hours to complete.

Slowpokes and Congestion

First, the state law was enacted; then, a grace period allowed for driver education. Now, though, it’s time for slowpoke drivers to either get out of the left lane on U.S. 84 or pay up, warns the Sheriff’s Office in Concordia Parish, Louisiana.

A state law that went into effect in 2009 forbids vehicles in the left lane on multi-lane roads from traveling at a slower pace than traffic in the right lane. Since then, people in his jurisdiction located across the Mississippi River from Natchez, Miss. have been given time to adjust, says Concordia Sheriff Randy Maxwell. From now on, the law will be vigorously enforced, particularly on a portion of U.S. 84 known locally as the Ferriday-Vidalia highway, reports The Natchez Democrat.