Password Security Insights

Posted by Queuebot in Everything Else on February 9, 2009 at 6:41 pm


Analyst Robert Graham of Dark Reading, a website dealing with computer security issues, authored a fascinating report on the recent hacking of the popular website phpbb.com. The hacker published approximately 20,000 passwords from the site. A few of the interesting insights about the passwords:

16% of passwords matched a person’s first name. This includes people choosing their own first names or those of their spouses or children. The most popular first names were Joshua, Thomas, Michael, and Charlie. But I wonder if there is something else going on. Joshua, for example, was also the password to the computer in "Wargames," which almost certainly accounts for it being at top. Variations of the name "Jordan" are popular, which almost certainly refers to "Michael Jordan," a prominent basketball star (such as "jordan23," referring to his jersey number). This makes me wonder how many people use "Michael" as a password to refer to their children compared to sports stars.

14% of passwords were patterns on the keyboard, like "1234," "qwerty," or "asdf." There are a lot of different patterns people choose, like "1qaz2wsx" or "1q2w3e." I spent a while googling "159357," trying to figure out how to categorize it, then realized it was a pattern on the numeric keypad. I suppose whereas "1234" is popular among right-handed people, "159357" will be popular among lefties.

4% are variations of the word "password," such as "passw0rd," "password1," or "passwd." I googled "drowssap," trying to figure out how to categorize it, until I realized it was "password" spelled backward.
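The three categories above can be checked mechanically when a user chooses a password, so that such choices are rejected up front. The following is an added example, not code from the original report or post; the name list, key layouts, leet-speak map and the 0.8 threshold are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample data (assumptions, not taken from the leaked list).
FIRST_NAMES = {"joshua", "thomas", "michael", "charlie", "jordan"}
QWERTY = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEYPAD = ["789", "456", "123"]           # numeric keypad, top row first
LEET = str.maketrans("01345$@7", "oieassat")

def walk_score(pw, grid):
    """Fraction of consecutive characters that are neighbouring keys on grid."""
    pos = {ch: (r, c) for r, row in enumerate(grid) for c, ch in enumerate(row)}
    if len(pw) < 4 or any(ch not in pos for ch in pw):
        return 0.0
    hits = sum(
        abs(pos[a][0] - pos[b][0]) <= 1 and abs(pos[a][1] - pos[b][1]) <= 1
        for a, b in zip(pw, pw[1:])
    )
    return hits / (len(pw) - 1)

def classify(password):
    """Return the weak-password category from the post, or 'other'."""
    pw = password.lower()
    plain = pw.translate(LEET)           # undo simple substitutions: passw0rd
    if any(w in plain or w in plain[::-1] for w in ("password", "passwd")):
        return "password-variant"
    # Drop digits and symbols so "jordan23" is compared as "jordan".
    if re.sub(r"[^a-z]", "", pw) in FIRST_NAMES:
        return "first-name"
    # The 0.8 threshold tolerates an occasional jump, such as the column
    # change in "1qaz2wsx" or the 9 -> 3 step in the keypad pattern "159357".
    if max(walk_score(pw, QWERTY), walk_score(pw, KEYPAD)) >= 0.8:
        return "keyboard-pattern"
    return "other"

def breakdown(passwords):
    """Count passwords per category, e.g. when auditing a deny-list."""
    return Counter(classify(p) for p in passwords)
```

A registration form would refuse any password for which `classify` returns something other than `"other"`.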

For the complete list and analysis, visit link.

Link – via tech

From the Upcoming Queue, submitted by Geekazoid.



11 comments to "Password Security Insights"

  1. willwesmck
    February 9th, 2009 at 7:36 pm

    Just an observation:
    Maybe the reason why people don't use strong passwords for websites like phpBB and Myspace is because they frankly do not care. When every site requires a password, people usually choose a simple easy to remember password for websites like these, and choose to keep their strong passwords for banking websites and the sort. The sites obviously have security holes, so I wouldn't use a serious password.

  2. Edward
    February 9th, 2009 at 9:09 pm

    Willwesmck is correct. Everyone on the Internet needs three passwords. A simple one for sites that don't really matter, a strong one for sites that do, and a really complex one that changes every month for sites that handle money.

  3. CheeseDuck
    February 9th, 2009 at 9:21 pm

    I agree :P
    I personally use my first name for a variety of sites that require passwords, but I do not really care about the security of.

  4. Justin
    February 9th, 2009 at 11:40 pm

    Yeah, I agree with everyone here. For important stuff like my school e-mail, I use a more complex password. However, for most websites like this one I just use an easy-to-remember password.

    I am curious to know the passwords people choose for their primary e-mail. That would be a true test of how secure they make their password.

    But honestly, why should we feel the need to create complex and unique alpha-numeric passwords for neatorama? If someone wants to hack my account and post as Justin I really wouldn't care and probably wouldn't even notice. :)

  5. nicleT
    February 10th, 2009 at 1:05 am

    I personally set very complicated passwords and store them in a utility called 1Password.

  6. Skipweasel
    February 10th, 2009 at 4:26 am

    For secure passwords I sometimes use license plate numbers from cars we had when I was a kid. Most men can remember the plates from when they were not much older than toddlers - alphanumeric, non-obvious, and unless someone's very clever, impossible to guess.


  7. February 10th, 2009 at 4:35 am

    "159357" will be popular among lefties."
    I wonder how lefties reach for the numeric keypad...

  8. Skipweasel
    February 10th, 2009 at 6:32 am

    Oh, and if you're going to use a password generator for really Sdfg£$7£$%sbkA sort of passwords for routers and the like - write it carefully on the bottom in indelible pen.

  9. burexas.irom
    February 10th, 2009 at 6:41 am

    I'm surprised that the passwords "secret" and "sex" from the movie Hackers didn't have a noticeable percentage. That movie was hilarious.

  10. Scooter
    February 10th, 2009 at 1:58 pm

    My password is ******* and bet no one else has that.

    How about 123456 that's the kinda combo an idiot has on his luggage.

  11. F. Andy Seidl
    March 23rd, 2009 at 11:46 am

    I've been advocating for strong password use both within my company and with our clients for years, but it's surprising how many people use the same simple password everywhere.

    I wrote more about that, and about some tips for avoiding common password management headaches, here:

    The Danger of Strong Passwords that are Easy-to-remember
    http://faseidl.com/public/item/229130

