Crappy Passwords Very Common
KeatonMill writes "CNN released this story about passwords. Apparently, a group of UK psychologists did a study about password selection, and found that many passwords can be guessed if access to the subject's desk is allowed (the article gives an example of sports memorabilia representing sports-related passwords). According to the study, 50 percent of people use names of family members or pets as passwords."
The best way to think of a password is to conjure up a phrase that's random, but easy to memorize. Then, just use the first letter of each word as your password.
:: Imagine There's No Windows(tm). It's Easy If You Try.
For example, if you're told to pick a password with at least six characters, you could randomly come up with: Dubya Doesn't Know A Goddamn Thing
Then, you'll have a good, random password (ddkagt) and you'll remember it, too.
If there are other restrictions (you need numbers, mix of upper/lower cases), just adjust your random phrase to coincide.
m o n o l i n u x
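As an added example (not part of the thread), a small Python script that applies the first-letter method described above, checks the result against the kind of restrictions mentioned (minimum length, digits, mixed case) and reports the brute-force search space, which shows how small a six-lowercase-letter result such as ddkagt really is. The function names are my own.

```python
"""Derive a password from a passphrase by taking the first character of each
word, then check it against a policy and estimate its search space."""
import math


def acronym(phrase: str, keep_case: bool = False) -> str:
    """Return the first character of each whitespace-separated word.

    Leading quote/paren characters are ignored and tokens that do not start
    with a letter or digit are skipped. By default the result is lower-cased,
    matching the "ddkagt" example in the comment above.
    """
    letters = []
    for word in phrase.split():
        stripped = word.lstrip("\"'(")
        if stripped and stripped[0].isalnum():
            letters.append(stripped[0])
    result = "".join(letters)
    return result if keep_case else result.lower()


def policy_violations(pw: str, min_len: int = 6, need_digit: bool = False,
                      need_mixed_case: bool = False) -> list:
    """Return the list of policy rules the candidate password fails (empty if it passes)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if need_digit and not any(c.isdigit() for c in pw):
        problems.append("no digit")
    has_lower = any(c.islower() for c in pw)
    has_upper = any(c.isupper() for c in pw)
    if need_mixed_case and not (has_lower and has_upper):
        problems.append("not mixed case")
    return problems


def keyspace_bits(pw: str) -> float:
    """Upper bound on the brute-force search space, in bits: log2(pool ** len).

    The pool is the sum of the sizes of the character classes actually present,
    so a six-letter lowercase acronym scores 6 * log2(26), about 28 bits.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(not c.isalnum() for c in pw):
        pool += 33  # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0
```

The keyspace figure is an upper bound; the first letters of English words are far from uniformly distributed, so a guessing attack does better than this number suggests.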
Passwords often have to be at least 6 characters long which is just about the largest thing that people will be able to memorise. Often, draconian admins force people to change their passwords every few months forcing users to commit yet another password to memory so they end up using things that they already know well as passwords. At least the people weren't writing them down on post it notes (even if they were doing the next worst thing). Jakob Nielsen wrote a bit about this in Security and Human Factors.
I remember reading about how one of the most popular passwords in the 80s was fred because it was easy to remember and all four keys were close together.
I used to get by on the net with just one password. It was very secure in that it was nice and random and not likely to appear in any cracker's dictionaries. I never really thought about security much... until a web based forum I was subscribed to was cracked. At the time I was an administrator on one of the largest online gaming forums in Europe (now sadly no longer with us), and another regular from those forums got hold of my password. Luckily he merely posted a few "hahaha I've got Skunk's password" posts and didn't do any damage, but the potential was there.
:)
Since that incident I've instituted a strict policy of having at least 4 different "main" passwords, each with a different security level. I look at any site I sign up for very carefully - does it look trustworthy? Do I trust the owner of the site (chances are my password will be stored in their database in plain text)? My "low level" passwords are used for unimportant sites while I save my "high level" ones for e-commerce and administrator functions.
All this should have been obvious from the start, but then that's the benefit of hindsight.
...bigfartingfatguy.