Quick: What’s your password? Is it 123456? Is it password? Is it abc123? Is it your first name? Surprisingly, for a large number of users, those are the types of words being picked to safeguard private accounts. Not surprisingly, that’s a bad thing.
About a week ago open source forum project phpBB had their site hacked. About 20,000 passwords from users of the site were published to the Internet. Though that’s definitely not a good thing, for security researchers it offered a unique opportunity to study how real users create passwords.
Robert Graham, of Dark Reading, published some findings about the patterns used in the hacked passwords last week. The list of the top 20 passwords from the phpBB data set is not very encouraging. The number one password — used by over 3% of accounts — was ‘123456.’ Number two on the list was ‘password.’ Number three was ‘phpbb.’ In fact, almost all of the top 20 most used passwords were variations of those simple themes: numbers in sequential order, keyboard combinations (like ‘qwerty’), or common words or names.
Graham found that between 65% and 94% of passwords were common dictionary words (the latter number being for dictionaries that include commonly used proper nouns, such as “Xbox” or “Pokemon”), and that on average, the words tended to be simple words like “apple” or “orange” rather than more complex words.
Article source: Sitepoint
Tidak ada komentar:
Posting Komentar