Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Users Have Stronger Passwords Than Employees

Posted by Zonk on from the hardly-surprising dept.

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."

3 of 263 comments (clear)

  1. The Lesson? by lunartik · · Score: 5, Interesting

    This may not mean that "passwords are getting better." It may just prove once again that people care more about their personal things than other people's stuff.

  2. Don't be impressed. by Anonymous Coward · · Score: 4, Interesting

    I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

    I'm not. MySpace users have good passwords because MySpace requires them to, not because they're savvy. "Your password must contain at least one number and one punctuation mark," etc.

  3. Re:MOD PARENT INSIGHTFUL by RicktheBrick · · Score: 4, Interesting

    I never worry about passwords. I would not worry if someone else knew my password for slashdot. What would they do with it? The only thing they could do it make comments in my name. Even with my bank accounts the only thing they can do it to see how much money I have and transfer money between two of my accounts. If someone wanted to be super mean they could transfer all my checking account money into my savings account and thus cause any checks I write to bounce. They still would not get any personal gain from it. If passwords are such a problem let me suggest a hardware fix. Let there be two passwords. A local password that the user would remember and a password that would be sent out. There would be a table on either the hard drive or a usb flash memory card for the lookup of the secondary password. Since no one would have to memorize or even know the secondary password it could be a 100 randomly generated characters and could be changed every time the user access the account. If one uses the usb flash memory than one could take it with them for use on another computer and by removing it from the computer prevent any other user on that computer from accessing their account. If it is that big a problem than a fix like that would have been used a long time ago.