From Imperva, through CBC
Link source: http://www.cbc.ca/consumer/story/2010/01/21/consumer-passwords.html
A California company has found that computer users consistently choose weak passwords, with the most common one being 123456.
The second-most common password is 12345, followed by 123456789.
And the fourth most common password is "password."
You can see where this is going. The report by California internet security firm Imperva concludes
many people choose passwords that could be easily hacked, and they've
been making bad password choices for nearly two decades.
The firm compiled the report after getting access to 32 million
passwords that had been posted briefly to the internet in a major
security breach in December. A hacker posted them to the internet after
hacking into Rockyou.com, an internet ad company with links to
Facebook, MySpace and other social networking sites.
"The data provides a unique glimpse into the way that users select
passwords and an opportunity to evaluate the true strength of passwords
as a security mechanism," Amichai Shulman, Imperva's chief technology
officer, said in a news release Thursday. "Never before has there been
such a high volume of real-world passwords to examine."
Of 32 million passwords, more than 290,000 were 12345, the report
found. Twenty per cent of the passwords were common names and slang or
easily remembered number combinations.
This is all fertile ground for hackers, the report said.
"To quantify the issue, the combination of poor passwords and
automated attacks means that in just 110 attempts, a hacker will
typically gain access to one new account in every second, or a mere 17
minutes to break into 1,000 accounts."
The authors cited several studies dating back to 1990 showing that
when people picked passwords, they generally cared more about being
able to remember them than about security.
An internet search by CBC News turned up even earlier studies of
poor password choice. A 1979 study of Unix users found most passwords
were just four letters or numbers long.
In 2006, an examination of 34,000 MySpace passwords found that 65
per cent contained eight characters or less. Among the most common
passwords for MySpace: abc123 and password.
"This means that the users, if allowed to, will choose very weak
passwords even for sites that hold their most private data," the
Imperva report concluded.
Imperva's analysis found that about 30 per cent of users chose
passwords of fewer than seven characters. Nearly 50 per cent of people
used names, slang words, dictionary words or trivial passwords —
consecutive digits, adjacent keyboard keys and so on.
Imperva recommends that passwords contain a minimum of eight
characters. They should include a mix of four different types of
characters: upper case letters, lower case letters, numbers and special
characters such as !@#$%^&*.
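As an added example (not code from Imperva, CBC or this post), here is a checker for the recommendation above that also flags the trivial patterns the analysis names and the common passwords cited in the article. The function names, the US QWERTY key rows and the run length of 4 are assumptions of this example.

```python
import string

# Passwords the article names as most common (taken from the page).
COMMON = {"123456", "12345", "123456789", "password", "abc123"}
# Sequences used to spot "consecutive digits, adjacent keyboard keys";
# the US QWERTY rows and the run length of 4 are assumptions of this example.
SEQUENCES = ["0123456789", "1234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
RUN = 4


def has_trivial_run(pw: str, run: int = RUN) -> bool:
    """True if pw contains `run` characters in a row from one sequence,
    forwards or backwards (e.g. '3456', 'ytrewq')."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw: str) -> list[str]:
    """Return the list of policy failures; an empty list means pw passes."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "upper case letter": any(c.isupper() for c in pw),
        "lower case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    problems += [f"missing {name}" for name, ok in classes.items() if not ok]
    if pw.lower() in COMMON:
        problems.append("on the common-password list")
    if has_trivial_run(pw):
        problems.append("contains a keyboard or digit sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "password", "Qwerty12!", "T7#mk!Vw2p"]:
        print(candidate, "->", check_password(candidate) or "ok")
```

Note that "Qwerty12!" satisfies the length and four-character-type rules yet is still flagged, because it is built from adjacent keyboard keys.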