Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Users Have Stronger Passwords Than Employees

Posted by Zonk on from the hardly-surprising dept.

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."

21 of 263 comments (clear)

  1. Password1? by spun · · Score: 2, Funny

    That's the kind of password an idiot would have on his electronic luggage!

    --
    - None can love freedom heartily, but good men; the rest love not freedom, but license. -- John Milton
    1. Re:Password1? by 0kComputer · · Score: 2, Funny

      /obligitory That's the same combination I have on my luggage!

      --
      Top 10 Reasons To Procrastinate
      10.
  2. The three most commonly used passwords are... by Pojut · · Score: 4, Funny

    "Love, Sexxxx, and...GOD. So, would her royal highness care to change her password?"

    --
    Living With a Nerd
  3. Security through obscurity? by GoodbyeBlueSky1 · · Score: 4, Funny

    ...found that the average password was 6.4 characters long. What kind of newfangled keyboard do you need to type one of those in?!
    --
    why? forty-two.
    1. Re:Security through obscurity? by kaizenfury7 · · Score: 5, Funny

      You need to use an average keyboard because an average keyboard has 101.4 keys.

  4. nobody can guess mine by zakeria · · Score: 4, Funny

    I use this password ;#E4][££2&9a for everything.. Oops?

    1. Re:nobody can guess mine by kaizenfury7 · · Score: 5, Funny
      Don't worry... all we saw was:

      I use this password ************ for everything.. Oops? Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.
    2. Re:nobody can guess mine by Tired_Blood · · Score: 5, Funny
      Don't worry... all we saw was:

      I use this password ************ for everything.. Oops?

      Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.


      "you can go hunter2 my hunter2-ing hunter2"

      *Cough*
      --
      This is not my sig.
  5. i'm not suprised by JeanBaptiste · · Score: 5, Funny

    a 14 year old cares far more about their social life than most adults care about their jobs.

  6. You're ignoring the obvious by neimon · · Score: 1, Funny

    How do you get .4 characters? What's 2/5 of 8 bits? 16/5? That's so kewel. NO one will guess that.

  7. password1??? by Rob+T+Firefly · · Score: 1, Funny

    Amazing! That's the same password I have on my luggage!

    --
    Slashdot Burying Stories About Slashdot Media Owned
  8. Re:Okay... by Anonymous Coward · · Score: 4, Funny

    Wow. We MySpace usrz hav BetA security. hu wouldve thunk it. It's not lIk Im doin NEthing dfrnt. Im not lIk tinkN security 24-7.

  9. This is all wrong... by __aaclcg7560 · · Score: 4, Funny

    MySpace passwords would fail more often if a l33t dictionary was used instead. Do kids even know words from a plain old dictionary?

  10. Dictionary words? by chrisb33 · · Score: 5, Funny

    I'm impressed that less than 4 percent were dictionary words Considering only 10 percent of the words on myspace are dictionary words to begin with, this isn't very surprising.

    Maybe the users just used their usernames as passwords - that would probably be the best way to generate a random sequence of characters.
  11. It's obvious! by AntEater · · Score: 2, Funny

    Of course dictionary attacks won't work - have you seen the spelling on MySpace?!? It's not that they are trying to be more secure, it's that the users can't spell well enough to get a dictionary match.

    Getoffamylawn!

    --
    Alex, I'll take keybindings not used by Emacs for $400....
  12. Re:Okay... by Brewskibrew · · Score: 5, Funny

    Hello, this is http://slashdot.org./ We're undergoing a routine security check and your account has been flagged as it is being accessed by computers in other countries. Please click "reply" to this post and enter your userid, password, shoe size, and iq so that your account can be unlocked. Failure to do so indicates that you are a non-compliant individual and appropriate steps will be taken.

    --
    For sale: Signature. One owner. Low miles. Always garaged. New punctuation, just installed!
  13. .gz? by mattpointblank · · Score: 2, Funny
    Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample


    I love when the editors just copy and paste without even reading what they're posting. Which part of that sentence was a .gz file, Zonk?
  14. Re:Duh! by Anonymous Coward · · Score: 1, Funny

    Those corporate users that were dumb enough to fall for phishing had bad passwords. No suprises there. People prone to fishing are probably less securtity concious. People prone to fishing are probably fish.
  15. Re:Okay... by ceoyoyo · · Score: 5, Funny

    Maybe MySpace users just can't spell....

  16. Excellent Security by Namlak · · Score: 2, Funny

    found that the average password was 6.4 characters long

    6.4 character-long passwords are extremely secure!

    Every password-cracking scheme that I've seen goes right from 6 character strings to 7 character strings.

  17. Re:Okay... by Dabido · · Score: 4, Funny

    You're going to have trouble typing my password, as it's 6.4 characters long. The first six characters are 'passwo' The .4 consists of 'r' and 'd' type in such a way as to only use 0.2 of each. :-)

    --
    Sure enough, the cow costume was hanging up next to the superhero outfit and sailors uniform. (S,Spud)