Slashdot Mirror

← Back to Stories (view on slashdot.org)

Analyzing 20,000 MySpace Passwords

Posted by ryuzaki0 on from the thats-kinda-scary dept.

Rub3X writes "Author found 20 thousand MySpace passwords on a phishing site and did some tests on them. They were tested for strength, length and a number of other things. Also tested was the most popular password, and the most popular email service used when registering for myspace."

9 of 177 comments (clear)

  1. Interesting analysis, but... by SilentChris · · Score: 4, Insightful

    It's a fairly interesting (if not too detailed) analysis. A commenter makes a critical observation, though: these were passwords entered at the phishing site, not MySpace. As such, some people can easily recognize it's not the original site and add such gems as "fuckyou".

    Personally, I try to fit the following in every eBay phishing page I see:

    Field 1: "just who do you think you're kidding?"
    Field 2: "better luck next time, dolt."

  2. Flawed by schabot · · Score: 4, Insightful

    The analysis is flawed as a general indicator of MySpace passwords because it is only a subset of people who would actually fall for phishing attacks. Of course such people will have horrible password habits

    Now, I am changing my password to cookie321, no one will see that coming.

    1. Re:Flawed by Zapman · · Score: 5, Insightful

      This is what it is. It's an analysis of passwords, obtained by a script kiddie's phishing site. The author makes no claims to 'analysing the strength of every myspace password' or some such. All the information you need to analyze his results are right there.

      He didn't 'choose' to study this... the data fell into his hands, and he offered analysis.

      This is a great little 'news for nerds' thing. The author says he has this data, he's smart enough not to publish it (just the analysis), he gives some interesting results from raw analysis of the 'data'. Take the story for what it is: Sunday morning on Slashdot.

      --
      Zapman
  3. Who cares about myspace password strength? by smkndrkn · · Score: 4, Insightful

    I have a few "sets" of passwords that I use. Basically it goes like this:

    1) Online banking - Very complex ( as complex as my banking site will allow that is ) / Important work related passwords
    2) Unimportant work related passwords (Such as the log in to view the cacti graphs for example) / Public websites that require a password and I care a little bit about
    3) Public websites I could give a rats ass about having broken into. Myspace would be listed here. So would my slashdot account.

    So my point is just because people use crappy passwords for myspace doesn't nesasarily mean they don't have a clue......but being caught by phishers does. ;)

    --
    ======== In the future, everything will be artificial. ========
  4. Re:666 - myname by rednip · · Score: 5, Insightful
    Most common passwords used:
    Really, it should read: the most commonly used passwords, by MySpace users who were targeted by and fell for a phisher.
    --
    The force that blew the Big Bang continues to accelerate.
  5. Almost by benhocking · · Score: 4, Insightful

    "Really, it should read: the most commonly used passwords, by MySpace users who were targeted by and fell for a phisher" - or by people pretending to be MySpace users when targeted by a phisher - or by people giving a bogus password when targeted by a phisher.

    --
    Ben Hocking
    Need a professional organizer?
    1. Re:Almost by flooey · · Score: 5, Insightful

      "Really, it should read: the most commonly used passwords, by MySpace users who were targeted by and fell for a phisher" - or by people pretending to be MySpace users when targeted by a phisher - or by people giving a bogus password when targeted by a phisher.

      I'd imagine that's why fuckyou is up there so high. I sort of assume that's a message to the phisher rather than a real password.

  6. Re:666 - myname by Tanktalus · · Score: 4, Insightful

    It depends on how smart the phisher is. If they take the password then redirect to the real MySpace account (to avoid arousing suspicions among even the gullable) where they can try again, there won't be many second-tries.

    If I were of low enough moral character to phish, that'd be what I'd do, anyway.

  7. This 'paper' doesn't give MySpace haters much ammo by erikwestlund · · Score: 4, Insightful

    I almost sense a disappointment that MySpace users didn't come out looking stupider. Give the MySpace users a break! Their computer illiteracy is made painfully clear, but imagine if Slashdot had a comparable way to highlight its posters social illiteracy. Perhaps there would be MySpacers writing on message boards about how stupid all Slashdot users were for their poor fashion sense. Yes, that would be stupid, but comparably as stupid as the blind, generalizing hate for MySpace users that is prevalent here.