Slashdot Mirror


MySpace Users Have Stronger Passwords Than Employees

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."
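The kind of tally behind figures like these (share of dictionary words, character composition, average length), as an added example that is not part of the article or the Slashdot summary. The sample passwords, the tiny word list and the category names are constructed assumptions, not the captured data or Schneier's method.

```python
from collections import Counter

# Constructed sample data: NOT taken from the MySpace or corporate data sets.
SAMPLE_PASSWORDS = ["password1", "monkey", "blink182", "Mxo2s0LLn234aAZSQ",
                    "soccer7", "qwerty", "j4n3!doe", "123456", "iloveyou2"]
# Tiny stand-in for a word list (Klein's 1989 dictionary had about 63,000 words).
SAMPLE_DICTIONARY = {"password", "monkey", "soccer", "qwerty", "iloveyou"}


def composition(pw):
    """Label a password by the character classes it uses."""
    if pw.isdigit():
        return "numeric"
    if pw.isalpha():
        return "alpha"
    if pw.isalnum():
        return "alphanumeric"
    return "non-alphanumeric"


def dictionary_class(pw, words):
    """Catch plain dictionary words and the 'password1' pattern (word + digits)."""
    lowered = pw.lower()
    if lowered in words:
        return "dictionary word"
    root = lowered.rstrip("0123456789")
    if root and root != lowered and root in words:
        return "dictionary word + digits"
    return "not in dictionary"


def audit(passwords, words):
    """Return percentages per category and the average length for a sample."""
    passwords = [p for p in passwords if p]  # ignore empty entries
    total = len(passwords)
    if total == 0:
        raise ValueError("no passwords to audit")

    def pct(n):
        return round(100.0 * n / total, 1)

    comp = Counter(composition(p) for p in passwords)
    dic = Counter(dictionary_class(p, words) for p in passwords)
    return {
        "count": total,
        "average_length": round(sum(len(p) for p in passwords) / total, 1),
        "composition_pct": {k: pct(v) for k, v in comp.items()},
        "dictionary_pct": {k: pct(v) for k, v in dic.items()},
    }
```

On the constructed sample, a password policy that only demands a digit moves "password" into the "dictionary word + digits" bucket rather than out of the dictionary, which is why that bucket is counted separately.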

  1. Okay... by eln · · Score: 5, Insightful

    So MySpace users are smart enough to pick somewhat secure passwords, but still dumb enough to fall for basic phishing attacks.

    It doesn't matter how strong their password is if they are still giving it to whoever asks for it.

    1. Re:Okay... by Anonymous Coward · · Score: 4, Funny

      Wow. We MySpace usrz hav BetA security. hu wouldve thunk it. It's not lIk Im doin NEthing dfrnt. Im not lIk tinkN security 24-7.

    2. Re:Okay... by Brewskibrew · · Score: 5, Funny

      Hello, this is http://slashdot.org./ We're undergoing a routine security check and your account has been flagged as it is being accessed by computers in other countries. Please click "reply" to this post and enter your userid, password, shoe size, and iq so that your account can be unlocked. Failure to do so indicates that you are a non-compliant individual and appropriate steps will be taken.

      --
      For sale: Signature. One owner. Low miles. Always garaged. New punctuation, just installed!
    3. Re:Okay... by h2g2bob · · Score: 5, Informative

      Or maybe it's just the fact that Myspace requires new users to have a number in the password!

    4. Re:Okay... by andreamer · · Score: 5, Informative

      From a link in the article:

      "The attacker had registered a MySpace account named login_home_index_html, meaning that the MySpace page hosting the fake login, looked like a legitimate place where users would sign on to the service."

      So it was just a user page but it DID have myspace.com in the URL. The URL was:

      http://www.myspace.com/login_home_index_html

    5. Re:Okay... by ceoyoyo · · Score: 5, Funny

      Maybe MySpace users just can't spell....

    6. Re:Okay... by Dabido · · Score: 4, Funny

      You're going to have trouble typing my password, as it's 6.4 characters long. The first six characters are 'passwo'. The .4 consists of 'r' and 'd' typed in such a way as to only use 0.2 of each. :-)

      --
      Sure enough, the cow costume was hanging up next to the superhero outfit and sailors uniform. (S,Spud)
  2. The Lesson? by lunartik · · Score: 5, Interesting

    This may not mean that "passwords are getting better." It may just prove once again that people care more about their personal things than other people's stuff.

    1. Re:The Lesson? by Cat_Byte · · Score: 4, Insightful

      I tend to think people come up with a really good password, then they have to come up with 12 others in a row after each expires and disallows reusing an old one.

      --
      Two roads diverged in a wood, and I - I took the one the bus load of girls just went down.
    2. Re:The Lesson? by lpcustom · · Score: 5, Insightful

      Yeah I agree. The time limits on passwords cause most people to just come up with something easier to remember. Why should I have to change my password every 30 days if it's something like Mxo2s0LLn234aAZSQ? If I can't even get it right, I'm sure no one else is going to guess it. There shouldn't be a need to change it.

      --
      Beer! It's what's for breakfast!
  3. The three most commonly used passwords are... by Pojut · · Score: 4, Funny

    "Love, Sexxxx, and...GOD. So, would her royal highness care to change her password?"

  4. Security through obscurity? by GoodbyeBlueSky1 · · Score: 4, Funny

    ...found that the average password was 6.4 characters long.

    What kind of newfangled keyboard do you need to type one of those in?!
    --
    why? forty-two.
    1. Re:Security through obscurity? by kaizenfury7 · · Score: 5, Funny

      You need to use an average keyboard because an average keyboard has 101.4 keys.

  5. nobody can guess mine by zakeria · · Score: 4, Funny

    I use this password ;#E4][££2&9a for everything.. Oops?

    1. Re:nobody can guess mine by kaizenfury7 · · Score: 5, Funny
      Don't worry... all we saw was:

      I use this password ************ for everything.. Oops?

      Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.
    2. Re:nobody can guess mine by Tired_Blood · · Score: 5, Funny
      Don't worry... all we saw was:

      I use this password ************ for everything.. Oops?

      Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.


      "you can go hunter2 my hunter2-ing hunter2"

      *Cough*
      --
      This is not my sig.
  6. i'm not surprised by JeanBaptiste · · Score: 5, Funny

    a 14 year old cares far more about their social life than most adults care about their jobs.

  7. More to lose by CastrTroy · · Score: 4, Insightful

    It's because the MySpace users have more to lose. They don't want someone defacing their website. Employees on the other hand probably don't care if someone logs into their computer.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
  8. Stronger Passwords by Joe+The+Dragon · · Score: 5, Insightful

    It's easy to have Strong Passwords when you don't need to change them all the time and can't reuse parts of the old password in the new password.

  9. Passwords Expire by Mr_Blank · · Score: 4, Insightful

    The corporate drones have to deal with passwords that expire every 30/60/90 days, and once expired those passwords can never be reused. So creating a hard password and then remembering it is not so trivial. The myspace users can come up with one hard password and keep it forever.

    1. Re:Passwords Expire by Otter · · Score: 4, Insightful

      That's one of the two points I was going to make; the other being that a comparison to corporate passwords from 1989 is only slightly more informative than one to passwords from 1889.

  10. fear and netspeak by Kenshin · · Score: 4, Insightful

    I figure there's two main reasons for this:

    1) They're terrified of their peers breaking in and sabotaging their profiles. (I once got assaulted by a drunk girl I knew who thought I hacked her LiveJournal... which I didn't.)

    2) They can't spell worth shit, due to netspeak, so typical dictionary approaches aren't going to work.

    Also, you have to take into account the basic fact that younger people have grown up around computers, and understand the concept of passwords a bit better than your average middle-aged office worker.

    --

    Does it make you happy you're so strange?

  11. This is all wrong... by __aaclcg7560 · · Score: 4, Funny

    MySpace passwords would fail more often if a l33t dictionary was used instead. Do kids even know words from a plain old dictionary?

  12. Dictionary words? by chrisb33 · · Score: 5, Funny

    I'm impressed that less than 4 percent were dictionary words

    Considering only 10 percent of the words on myspace are dictionary words to begin with, this isn't very surprising.

    Maybe the users just used their usernames as passwords - that would probably be the best way to generate a random sequence of characters.
  13. Don't be impressed. by Anonymous Coward · · Score: 4, Interesting

    I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

    I'm not. MySpace users have good passwords because MySpace requires them to, not because they're savvy. "Your password must contain at least one number and one punctuation mark," etc.

  14. Re:MOD PARENT INSIGHTFUL by RicktheBrick · · Score: 4, Interesting

    I never worry about passwords. I would not worry if someone else knew my password for slashdot. What would they do with it? The only thing they could do is make comments in my name. Even with my bank accounts the only thing they can do is to see how much money I have and transfer money between two of my accounts. If someone wanted to be super mean they could transfer all my checking account money into my savings account and thus cause any checks I write to bounce. They still would not get any personal gain from it. If passwords are such a problem let me suggest a hardware fix. Let there be two passwords. A local password that the user would remember and a password that would be sent out. There would be a table on either the hard drive or a usb flash memory card for the lookup of the secondary password. Since no one would have to memorize or even know the secondary password it could be a 100 randomly generated characters and could be changed every time the user accesses the account. If one uses the usb flash memory then one could take it with them for use on another computer and by removing it from the computer prevent any other user on that computer from accessing their account. If it is that big a problem then a fix like that would have been used a long time ago.