Interesting People mailing list archives

IP: UK study: Passwords often easy to crack


From: Dave Farber <dave () farber net>
Date: Mon, 18 Mar 2002 00:29:05 -0500


------ Forwarded Message
From: Ari Ollikainen <Ari () OLTECO com>
Date: Sun, 17 Mar 2002 19:46:24 -0800
To: farber () cis upenn edu
Subject: UK study: Passwords often easy to crack

    "...To protect online customers, financial institutions advise
    them to enhance security by using random words and letters and
    to change a password frequently..."

    Just as a matter of interest...how many people CHANGE their
    passwords "frequently"? And how many systems today actually insist
    on passwords being changed at some frequency?

    Having worked, once upon a time, in an environment where a
    password policy required observance of certain rules (random,
    not a dictionary entry, no duplicate characters, minimum 6
    character length, and NOT a previously used password, for example)
    for user generated passwords, we discovered that MANY passwords
    were 6 or more consecutive keys in the same row of the keyboard
    beginning from left or right side ... AND the system would bug
    users to change passwords OR be supplied one by the system.


UK study: Passwords often easy to crack
From Andrew Brown
CNN Hong Kong

http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.htm


(CNN) -- Computer passwords are supposed to be secret. But
psychologists say it is possible to predict a password based on the
personalities of users or even what is on their desks.

Objects around the office may not seem important. But they may help
someone to crack your computer password and masquerade as you,
sending e-mails, accessing files and even plundering your online bank
account.

According to a recent British study, passwords are often based on
something obvious. Around 50 percent of computer users base them on
the name of a family member, partner or a pet. Thirty percent look to
a pop idol or sporting hero.

Such password inspirations could be a problem.

"Particularly if you are a fan of a football club. Then you might
well have something related to that football club on your desk at the
office. You might have a mug or a pen. And if someone wants to try to
hack into your system, then they might try using that as your
password," said Helen Petrie of City University in London.

It is not always that easy. Psychologists say passwords often reflect
something about our subconscious. Users may not even know what
inspires them to choose one word rather than another.

"It seems to be something about the first thing that comes into your
mind when you're asked to give a password," Petrie said.

According to Petrie, 10 percent of users pick passwords that reflect
some kind of fantasy. Often these contain sexual references. And 10
percent use cryptic combinations. They are among the toughest to
break.

To protect online customers, financial institutions advise them to
enhance security by using random words and letters and to change a
password frequently.

"Even with the strongest, fastest computer these days, it still takes
some time to crack a strong password," said Eugene Law of Cash
Financial Services Group.

Experts say that whatever you do, do not base a password on your own
name or date of birth.

And when you are asked to select a password, do not simply type in
password. That one is not too hard to crack.


  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
  You can't depend on your judgement when your imagination is out of focus.
                                  -- Mark Twain.
  _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/

        OLTECO                    Ari Ollikainen
        P.O. BOX 20088            Networking Architecture and Technology
        Stanford, CA              Ari () OLTECO com
        94309-0088                415.517.3519


------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/
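
Added example, not part of the original message or article: a checker for the mechanical rules listed in the forwarded note (length, dictionary, duplicate characters, reuse), plus a keyboard-row run check showing how strings such as "asdfgh" pass those rules. The function names, the US QWERTY layout and the sample dictionary and history are assumptions made for illustration; the "random" rule is not mechanically checkable and is left out.

```python
# Constructed sample data and thresholds (assumptions, not from the page's system).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # US QWERTY
MIN_LENGTH = 6   # minimum length named in the note
RUN_LENGTH = 6   # the note describes runs of 6 or more consecutive keys
SAMPLE_DICTIONARY = {"password", "monkey", "dragon"}
SAMPLE_HISTORY = {"Tr0ub4d"}


def longest_row_run(password):
    """Longest stretch of adjacent same-row keys, typed left-to-right or
    right-to-left. Shifted symbols on the digit row are not mapped."""
    pw = password.lower()
    best = 0
    for row in KEYBOARD_ROWS:
        pos = {ch: i for i, ch in enumerate(row)}
        for step in (1, -1):          # 1 = rightwards, -1 = leftwards
            run, prev = 0, None
            for ch in pw:
                idx = pos.get(ch)
                if idx is None:
                    run = 0           # key is not on this row: run broken
                elif prev is not None and idx - prev == step:
                    run += 1          # next key over in the same direction
                else:
                    run = 1           # start of a new candidate run
                prev = idx
                best = max(best, run)
    return best


def original_policy_failures(password, dictionary, history):
    """Rules from the note: length, dictionary, duplicate characters, reuse."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if password.lower() in dictionary:
        failures.append("dictionary word")
    if len(set(password)) != len(password):
        failures.append("duplicate characters")
    if password in history:
        failures.append("previously used")
    return failures


def hardened_policy_failures(password, dictionary, history):
    """Same rules plus rejection of long keyboard-row runs."""
    failures = original_policy_failures(password, dictionary, history)
    if longest_row_run(password) >= RUN_LENGTH:
        failures.append("keyboard-row run")
    return failures
```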

