NEW FEATURE: VOTE & EARN NEATOPOINTS!
Submit your own Neatorama post and vote for others' posts to earn NeatoPoints that you can redeem for T-shirts, hoodies and more over at the NeatoShop!


Password Security Insights

Analyst Robert Graham of Dark Reading, a website dealing with computer security issues, authored a fascinating report on the recent hacking of the popular website phpbb.com. The hacker published approximately 20,000 passwords from the site. A few of the interesting insights about the passwords:

16% of passwords matched a person's first name. This includes people choosing their own first names or those of their spouses or children. The most popular first names were Joshua, Thomas, Michael, and Charlie. But I wonder if there is something else going on. Joshua, for example, was also the password to the computer in "Wargames," which almost certainly accounts for it being at top. Variations of the name "Jordan" are popular, which almost certainly refers to "Michael Jordan," a prominent basketball start (such as "jordan23," referring to his jersey number). This makes me wonder how many people use "Michael" as a password to refer to their children compared to sports stars.

14% of passwords were patterns on the keyboard, like "1234," "qwerty," or "asdf." There are a lot of different patterns people choose, like "1qaz2wsx" or "1q2w3e." I spent a while googling "159357," trying to figure out how to categorize it, then realized it was a pattern on the numeric keypad. I suppose whereas "1234" is popular among righthanded people, "159357" will be popular among lefties.

4% are variations of the word "password," such as "passw0rd," "password1," or "passwd." I googled "drowssap," trying to figure out how to categorize it, until I realized it was "password" spelled backward.

For the complete list and analysis, visit link.

http://www.darkreading.com/blog/archives/2009/02/phpbb_password.html - via tech

From the Upcoming ueue, submitted by Geekazoid.


Just an observation:
Maybe the reason why people don't use strong passwords for websites like phpBB and Myspace is because they frankly do not care. When every site requires a password, people usually choose a simple easy to remember password for websites like these, and choose to keep their strong passwords for banking websites and the sort. The sites obviously have security holes, so I wouldn't use a serious password.
Abusive comment hidden. (Show it anyway.)
Willwesmck is correct. Everyone on the Internet needs three passwords. A simple one for sites that don't really matter, a strong one for sites that do, and a really complex one that changes every month for sites that handle money.
Abusive comment hidden. (Show it anyway.)
yeah I agree with everyone here. For important stuff like my school e-mail, I use a more complex password. However for most websites like this one I just use an easy to remember password.

I am curious to know the passwords people choose for their primary e-mail. That would be a true test of how secure they make their password.

But honestly, why should we feel the need to create complex and unique alpha-numeric passwords for neatorama? If someone wants to hack my account and post as Justin I really wouldn't care and probably wouldn't even notice. :)
Abusive comment hidden. (Show it anyway.)
For secure passwords I sometimes use license plate numbers from cars we had when I was a kid. Most men can remember the plates from when they were not much older than toddlers - alphanumeric, non-obvious, and unless someone's very clever, impossible to guess.
Abusive comment hidden. (Show it anyway.)
Oh, and if you're going to use a password generator for really Sdfg£$7£$%sbkA sort of passwords for routers and the like - write it carefully on the bottom in indelible pen.
Abusive comment hidden. (Show it anyway.)
I've been advocating for strong password use both within my company and with our clients for years, but its surprising how many people use the same simple password everywhere.

I wrote more about that, and about some tips for avoiding common password management headaches, here:

The Danger of Strong Passwords that are Easy-to-remember
http://faseidl.com/public/item/229130
Abusive comment hidden. (Show it anyway.)
Login to comment.
Click here to access all of this post's 10 comments
Email This Post to a Friend
"Password Security Insights"

Separate multiple emails with a comma. Limit 5.

 

Success! Your email has been sent!

close window

This website uses cookies.

This website uses cookies to improve user experience. By using this website you consent to all cookies in accordance with our Privacy Policy.

I agree
 
Learn More