Password Guessing – Still Easy As Ever

When the Internet first became popular, Internet security was not a hot topic that everyone was concerned about. When making passwords, people often turned to easy-to-remember favorites like “12345,” “password,” and “iloveyou.” Surprisingly, even after all the news of hackers and people losing thousands of dollars to online identity theft, these passwords remain the most widely used.

A new analysis shows that about one out of every five people still use one of these easy-to-guess passwords for their Internet accounts, which is the digital equivalent of leaving a key under the doormat.

Within the last month, an unidentified hacker stole a list of 32 million passwords from RockYou (a company that makes software for users of social networking sites like Facebook and MySpace) and posted them online for everyone to see. This list backed up the hypothesis that people are still using easy-to-guess passwords, and it gave hackers a list of the most popular passwords to make their attacks easier than ever. Especially with today’s fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations… The reality is that you can be very effective by choosing a small number of common passwords,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers.
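The attack Shulman describes, a handful of common passwords tried against many accounts, is what defenders now call password spraying, and it is visible in authentication logs as fan-out across accounts rather than as hammering on one account. The following Python snippet is an added example, not code from the original article; the log line format, IP addresses and user names are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of authentication failures (not from any real system).
# Assumed line format: "<ISO timestamp> FAIL user=<name> src=<ip>".
# 203.0.113.9 tries six different accounts in four seconds (a spray);
# 198.51.100.7 is one user fumbling their own password (not a spray).
SAMPLE_LOG = """\
2010-01-20T09:00:01 FAIL user=alice src=203.0.113.9
2010-01-20T09:00:02 FAIL user=bob src=203.0.113.9
2010-01-20T09:00:02 FAIL user=carol src=203.0.113.9
2010-01-20T09:00:03 FAIL user=dave src=203.0.113.9
2010-01-20T09:00:03 FAIL user=erin src=203.0.113.9
2010-01-20T09:00:04 FAIL user=frank src=203.0.113.9
2010-01-20T09:05:00 FAIL user=alice src=198.51.100.7
2010-01-20T09:05:30 FAIL user=alice src=198.51.100.7
2010-01-20T09:06:00 FAIL user=alice src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+) FAIL user=(\S+) src=(\S+)$")


def parse_failures(log_text):
    # Return (timestamp, user, src) tuples for every FAIL line.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)))
    return events


def detect_spray(events, window=timedelta(minutes=5), min_users=5):
    """Map each source to the set of accounts it failed against, for sources
    that hit at least `min_users` distinct accounts inside any `window`.
    Per-account lockouts never fire on a spray, because each account only
    sees one or two guesses; the tell is the fan-out across accounts."""
    by_src = defaultdict(list)
    for ts, user, src in events:
        by_src[src].append((ts, user))
    flagged = {}
    for src, attempts in by_src.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = users
                break
    return flagged
```

Tune `window` and `min_users` to the login volume of the system being watched; a shared office NAT can legitimately produce several distinct failing users in a few minutes.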

So why do users continue to employ easy-to-guess passwords despite all the warnings about the risk? Security experts suggest it’s simply because people are overwhelmed with all the things we have to remember in this digital age, such as voicemail passwords, A.T.M. PINs, Internet passwords, etc.

In an ideal world, people would have a different password for every website, would remember all of them, and would write them down on paper only if really necessary. But in the real world this is way too much to remember for our overcrowded brains, which is why experts suggest we should have at least two different passwords: one complex password for important accounts such as e-mail and banking, and a simpler one for accounts such as entertainment and social networking.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”

To “run that bit faster,” make your passwords at least 12 characters long and throw in some numbers and capitals; that makes your password much harder to crack than most. This way, the hacker would rather break into someone else’s account within minutes than bother with yours for hours.
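The advice above, as an added Python example that is not from the original post: a checker that enforces the 12-character, digit and capital rules, and also rejects anything on a common-password list, because a long, mixed-case password that still appears on a leaked list is among the first ones a guesser tries. The list below is a small constructed stand-in; a real deployment would load a full leaked-password file.

```python
import re

# Constructed stand-in for a leaked-password list such as the RockYou dump.
COMMON_PASSWORDS = {"123456", "12345", "password", "iloveyou", "princess",
                    "rockyou", "abc123", "password1", "qwerty"}


def violations(pw, min_len=12):
    """Return the list of rules `pw` fails; an empty list means it passes.
    Rules are the article's advice (12+ chars, a digit, a capital) plus a
    blocklist check that the length/character rules alone cannot provide."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not re.search(r"\d", pw):
        problems.append("no digit")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    # Compare case-insensitively and with trailing digits stripped, so that
    # "Password1234" is caught by the entry "password": appending digits and
    # capitalising the first letter are the usual ways people "fix" a weak one.
    lowered = pw.lower()
    base = re.sub(r"\d+$", "", lowered)
    if lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    return problems


def is_acceptable(pw):
    return not violations(pw)
```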

(Via NYTimes)

About the author / BrickHouse Security

BrickHouse Security is the industry's premier supplier of security and surveillance solutions. As a recognized authority in GPS tracking, hidden cameras, cell phone/PC monitoring, video surveillance and counter surveillance, we help our customers use technology to get the clarity they need. We proudly serve consumers, businesses of all sizes and the law enforcement community. When you need to know, BrickHouse has the answers.

  • janice33rpm

    Anyone else here reading “I.T. WARS”? The book speaks of making everyone a “mini security officer,” – something that makes sense in this day and age. Obviously, qualified security officers wouldn’t be creating passwords along the lines of “123456”. I had to read parts of this book as part of my employee orientation at a new job. The book talks about a whole new culture as being necessary – an eCulture – for a true understanding of security, being that most identity/data breaches are due to simple human errors – I think most system outages are too. The field of Security is going to explode: consider the “blended environments” whereby personal assets (such as laptops for weekend and ‘on the road’ work) and outside social networking sites (such as Twitter and Facebook) are increasingly utilized by Business. The book has great chapters on security, as well as risk, content management, project management, acceptable use, various plans and policies, and so on. Just Google “IT WARS” – check out a couple links down and read the interview with the author David Scott. (Full title is “I.T. WARS: Managing the Business-Technology Weave in the New Millennium”).


  • Hacking Forum

    This episode of CrackerCast looks at this week’s hacker news and introduces you to password cracking.
