By Tuan Nguyen
An analysis of nearly 70 million online accounts shows how bad most people are at creating secure passwords.
So much for the notion of younger people being more web-savvy. The typical internet user over the age of 55 picks passwords that are two times stronger than the under-25 set, according to a security analysis of nearly 70 million Yahoo! users.
Joseph Bonneau, a computer scientist at the University of Cambridge, conducted the research, which turned up a few other perhaps surprising findings. For instance, a worldwide comparison of nations showed that Germans and Koreans tended to have the strongest passwords. Indonesians chose the weakest. Vietnamese and Italians also used weak passwords. But not surprisingly, people who changed their password from time to time tended to select the strongest ones. The study's results were presented at the Symposium on Security and Privacy in San Francisco, California, on 23 May.
So this would suggest that, in essence, an older German person would have the most uncrackable password, right? Well, even so, the news overall wasn't good. The analysis showed that people's passwords usually had less than 10 bits of online security protection, which means that as few as 1,000 attempts were all that was needed to hack into a user's account. More troubling was the fact that those with a credit card stored on their account did little to bolster protection beyond avoiding weak passwords such as "123456," according to New Scientist.
“The most troubling finding of our study is how little password distributions seem to vary … with effective security varying by no more than a few bits,” Bonneau wrote.
To calculate password strength, Bonneau used a technique called hashing, which, similar to encryption, masks the user's original password. He believes his approach offers more of a real-world scenario because oftentimes "maybe an attacker is happy to only break one per cent of accounts they have access to, or 50 or even 90 per cent," he says.
His solution: Give people randomly chosen nine-digit numbers since even a combination chosen at random would be 1,000 times more secure against every type of attack.
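To make the "bits" figures and the one, 50 or 90 per cent attacker concrete, the following added example (not code from the article or from Bonneau's study) counts how many most-popular-first guesses crack a chosen fraction of accounts and converts that to bits. The `HUMAN` distribution is constructed for illustration, and the conversion `log2(guesses / fraction cracked)` is an assumption of this example, chosen so that a uniformly random choice among N values scores log2(N) bits for every target fraction.

```python
import math
from fractions import Fraction as F

def guesses_to_crack(groups, alpha):
    """groups: (probability, count) pairs, i.e. `count` distinct passwords that
    are each chosen with that probability. Returns (guesses, fraction_cracked)
    for an attacker who tries the most popular passwords first and stops as
    soon as at least `alpha` of all accounts have fallen."""
    if not 0 < alpha <= 1:
        raise ValueError("alpha must be in (0, 1]")
    guesses, cracked = 0, F(0)
    for p, count in sorted(groups, reverse=True):
        need = math.ceil((alpha - cracked) / p)  # guesses needed from this group
        if need <= count:
            return guesses + need, cracked + need * p
        guesses, cracked = guesses + count, cracked + count * p
    raise ValueError("alpha exceeds the probability mass described by groups")

def effective_bits(groups, alpha):
    """Bits of protection against an attacker content with cracking `alpha`."""
    guesses, cracked = guesses_to_crack(groups, alpha)
    return math.log2(float(guesses / cracked))

# Constructed, skewed distribution (not data from the study): one very popular
# password, 99 popular ones, 9,900 common ones and a long tail of 10 million.
HUMAN = [(F(1, 100), 1), (F(1, 1000), 99),
         (F(1, 50000), 9900), (F(693, 10**10), 10**7)]
# A uniformly random nine-digit number, as in the proposal above.
RANDOM_9_DIGITS = [(F(1, 10**9), 10**9)]

if __name__ == "__main__":
    print("target  human guesses  human bits  random 9-digit bits")
    for pct in (1, 10, 50, 90):
        a = F(pct, 100)
        n, _ = guesses_to_crack(HUMAN, a)
        print(f"{pct:>5}%  {n:>13,}  {effective_bits(HUMAN, a):>10.1f}"
              f"  {effective_bits(RANDOM_9_DIGITS, a):>19.1f}")
```

For the skewed distribution the bit count climbs as the attacker's target fraction grows, while the random nine-digit number stays at the same value whatever the target.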
Personally, I think that people tend to pick less-secure passwords because simple patterns and important dates are a lot easier to commit to memory than a completely random combination. Hence the dilemma: How do you create a strong password that you can recall easily?
For that, check out my post on "How to create an easy-to-remember, ultra-secure password."
(via New Scientist)
Jun 5, 2012
On touch screen phones, which are a kids' fad, the passwords are mostly on the short side because of the difficulty of typing them in. My email password is 15 mixed characters and it took me two hours to successfully set up an email account on a new touch screen phone. I finally sent the phone back and traded it for a BlackBerry Bold 9930 with a physical keyboard. Took me about 20 seconds to enter my 15-character password. Love that BlackBerry Bold.