Expert: User passwords getting stronger
Published: 18 Dec 2006 16:14 GMT
A sample of login information from 34,000 MySpace.com members seems to indicate that internet users are getting better at picking more secure passwords, according to a prominent security expert.
The average password is 8 characters long and 81 percent of those in the sampling consist of both letters and numbers, Bruce Schneier, chief technology officer of Counterpane Internet Security, wrote in an article published by Wired News on Thursday. One of the users in the sample even had a 32-character password: "1ancheste23nite41ancheste23nite4".
One problem, though, is that all the passwords Schneier inspected were obtained through a phishing scam. Attackers created a fake MySpace login page and tricked users into thinking they had to enter their credentials to access their account on the social-networking site. Schneier obtained the list via a security industry colleague, he wrote.
The five most common passwords are: password1, abc123, myspace1, password and blink182 (a band), according to Schneier. Only 3.8 percent of passwords are a single word found in a dictionary, and another 12 percent are a word plus a final digit, two-thirds of the time that digit is 1, he wrote.
"We used to quip that 'password' is the most common password. Now it's 'password1'. Who said users haven't learned anything about security?" Schneier wrote. "Seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric."
Still, passwords have outlived their usefulness, according to Schneier. Password crackers are so fast that they can test millions of passwords per second. Also, people generally dislike having to remember multiple passwords. Still, passwords continue to be commonplace; even Bill Gates hasn't been able to change that yet.
Did you find this article useful?
319 out of 335 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
