Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Users Have Stronger Passwords Than Employees

Posted by Zonk on from the hardly-surprising dept.

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."

7 of 263 comments (clear)

  1. The Lesson? by lunartik · · Score: 5, Interesting

    This may not mean that "passwords are getting better." It may just prove once again that people care more about their personal things than other people's stuff.

  2. Awesome statistic by billdar · · Score: 3, Interesting
    The best quote is from the article linked within the article:

    "I was surprised about how many Christian-sounding -- for example, "Ilovejesus" -- log-on names were associated with the worst cuss words."

    Draw your own conclusions, but I think there might be something to this.

    (and yes I did RTFA+LFA, do I lose my subscription?)

    --
    I am billdar, and I approve this message.
  3. Don't be impressed. by Anonymous Coward · · Score: 4, Interesting

    I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

    I'm not. MySpace users have good passwords because MySpace requires them to, not because they're savvy. "Your password must contain at least one number and one punctuation mark," etc.

  4. learning at age 6 by bcrowell · · Score: 3, Interesting

    Computer security is something that kids are learning at younger ages these days. Case in point: My 6-year-old daughter plays a flash game called clubpenguin.com, which is basically a MUD where you're a penguin and you go around playing video games, socializing with other penguins, taking care of your pet, etc. Yesterday at school, her friend asked her for her login info, and she gave it to her. Yesterday evening, my daughter finished her homework, tried to log on, and got a message saying she'd been banned for 24 hours for cussing, and the time when her penguin was cussing was a time when she hadn't been on the computer. No big deal, but at age 6, she's now had a concrete experience that shows her how it's not a good idea to give your password to someone else, even someone you think you can trust.

    --
    Find free books.
  5. Re:Okay... by risk+one · · Score: 3, Interesting

    Actually, this says that the subset of Myspace users that are dumb enough to fall for a phishing attack, are still picking better passwords than a representative subset of the whole set of corporate employees. So the worst of the Myspace users are still better than the average corporate employee.

    It doesn't really surprise me. The slashdot hive mind may not greatly respect Myspace users, but the fact that they are on the internet and trying new stuff like Myspace, makes them a lot more tech-friendly than the average American, or the average corporate employee. There is a huge amount of technophobia among the general public, and just being able to use the internet as entertainment puts you very much ahead of the flock. And it gets you learning, at which point the process becomes autonomous, and you're on the slippery slope into geekdom.

  6. Re:MOD PARENT INSIGHTFUL by RicktheBrick · · Score: 4, Interesting

    I never worry about passwords. I would not worry if someone else knew my password for slashdot. What would they do with it? The only thing they could do it make comments in my name. Even with my bank accounts the only thing they can do it to see how much money I have and transfer money between two of my accounts. If someone wanted to be super mean they could transfer all my checking account money into my savings account and thus cause any checks I write to bounce. They still would not get any personal gain from it. If passwords are such a problem let me suggest a hardware fix. Let there be two passwords. A local password that the user would remember and a password that would be sent out. There would be a table on either the hard drive or a usb flash memory card for the lookup of the secondary password. Since no one would have to memorize or even know the secondary password it could be a 100 randomly generated characters and could be changed every time the user access the account. If one uses the usb flash memory than one could take it with them for use on another computer and by removing it from the computer prevent any other user on that computer from accessing their account. If it is that big a problem than a fix like that would have been used a long time ago.

  7. Re:Duh! by SeaFox · · Score: 3, Interesting
    How is a password from sample A more secure than sample B when BOTH sample A and B's passwords were compromised?

    They were both compromised by social engineering. Which allows us to see the passwords people are choosing and find that corporate passwords are more venerable to brute force attacks.