Saturday, May 26, 2012



Schneier analyzes MySpace passwords

Posted at 1:57 PM on December 14, 2006 by Jon Gordon (2 Comments)

Security expert Bruce Schneier recently got the rare opportunity to analyze thousands of user passwords and he learned some pretty interesting things. He shares his research in Wired News:

How good are the passwords people are choosing to protect their computers and online accounts?

It's a hard question to answer because data is scarce. But recently, a colleague sent me some spoils from a MySpace phishing attack: 34,000 actual user names and passwords.

The attack was pretty basic. The attackers created a fake MySpace login page, and collected login information when users thought they were accessing their own account on the site. The data was forwarded to various compromised web servers, where the attackers would harvest it later.


Schneier analyzed password length, character mix and common passwords. Among the most common, Schneier says, are "password1," "abc123," "myspace1," and "blink182."

We used to quip that "password" is the most common password. Now it's "password1." Who said users haven't learned anything about security?

But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

Schneier will be the guest on tomorrow's Future Tense.


Comments (2)


I'm not surprised that many people choose easy passwords. I can think of at least eight passwords I need to use on a daily basis, some of which I am periodically forced to rotate, so the passwords I select have to be distinct yet memorably associated with each site or function. Sometimes my creativity is stymied by the site: my bank allows you to input any characters, but treats it as a 10-key numeric code. There's a definite tension between choosing a code that isn't obvious - like your initials and birthdate - but that is still somehow mnemonic.

Posted by David Linton | December 14, 2006 2:29 PM


David,

Schneier says the best passwords are about 10 characters long, alphanumeric. He says yes, they're hard to remember, but he says what you should do is write it down on a piece of paper and put it in your wallet or purse. He says we know how to secure little bits of paper. Part two of my Future Tense interview, which will probably air Monday, will include this info and other tips on choosing and managing passwords.

Posted by Jon Gordon | December 14, 2006 2:38 PM
