Want to know someone’s password? All you have to do is ask. Just grab a camera, microphone and start interviewing people on the street. Apparently, they will just tell you their password as long as you have a microphone. Who knew social engineering passwords and confidential information was so easy?

Social Engineering Passwords On National TV

In this Jimmy Kimmel Live segment, the show was able to expose a handful of passwords and other confidential information in just a matter of minutes. How did they do it? They used a hacking technique called social engineering. In case you are unfamiliar with the term, social engineering is when someone uses deception and manipulation to obtain confidential or personal information for fraudulent purposes. Basically they just politely asked people questions until they had the information they needed. Some of the personal information that Jimmy Kimmel Live was able to obtain using this social engineering password cracking technique include names of pets and family members, birthdays, graduation dates and more.

Exploiting Image Search and Facial Recognition

From an online privacy perspective, here’s where things really start to get scary. We now know two things about the people interviewed in this Jimmy Kimmel Live segment: their passwords and what they look like. That’s all a hacker needs to start to unravel your life.

If you have someone’s photo, then you can use any number of free reverse image search services to run image searches and facial recognition scans. A photo people search will often return matches to someone’s social media profiles. For example, a Twitter account. Now the hacker knows one more thing about you, your Twitter username. In this example, a savvy hacker already has the username and password login credentials they need. Once they log in to your social media profile, they can then discover additional information about you, like your phone number and email address. At this point, it may be only a matter of time until your primary email account and even banking accounts are compromised.

Our Most Common Passwords

Of course, hackers might not even need to use phishing email or social engineering attacks to obtain a password. Cracking a password might be as easy as just guessing. In 2010, a data breach of one of Facebook‘s app developer partners exposed the account passwords of 32 million users around the world. One of the most interesting insights from the breach is how lazy we all are with our passwords. Here are the 10 most common passwords exposed in the breach:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Another thing worth pointing out, according to Jimmy Kimmel, the most common password in the United States is “password123”. At least that’s more secure than President Skroob‘s luggage combination from Spaceballs.