Slashdot Mirror

← Back to Stories (view on slashdot.org)

MySpace Users Have Stronger Passwords Than Employees

Posted by Zonk on from the hardly-surprising dept.

Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."

13 of 263 comments (clear)

  1. Okay... by eln · · Score: 5, Insightful

    So MySpace users are smart enough to pick somewhat secure passwords, but still dumb enough to fall for basic phishing attacks.

    It doesn't matter how strong their password is if they are still giving it to whoever asks for it.

    1. Re:Okay... by Brewskibrew · · Score: 5, Funny

      Hello, this is http://slashdot.org./ We're undergoing a routine security check and your account has been flagged as it is being accessed by computers in other countries. Please click "reply" to this post and enter your userid, password, shoe size, and iq so that your account can be unlocked. Failure to do so indicates that you are a non-compliant individual and appropriate steps will be taken.

      --
      For sale: Signature. One owner. Low miles. Always garaged. New punctuation, just installed!
    2. Re:Okay... by h2g2bob · · Score: 5, Informative

      Or maybe it's just the fact that Myspace requires new users to have a number in the password!

    3. Re:Okay... by andreamer · · Score: 5, Informative

      From a link in the article:

      "The attacker had registered a MySpace account named login_home_index_html, meaning that the MySpace page hosting the fake login, looked like a legitimate place where users would sign on to the service."

      So it was just a user page but it DID have myspace.com in the URL. The URL was:

      http://www.myspace.com/login_home_index_html

    4. Re:Okay... by ceoyoyo · · Score: 5, Funny

      Maybe MySpace users just can't spell....

  2. The Lesson? by lunartik · · Score: 5, Interesting

    This may not mean that "passwords are getting better." It may just prove once again that people care more about their personal things than other people's stuff.

    1. Re:The Lesson? by lpcustom · · Score: 5, Insightful

      Yeah I agree. The time limits on passwords cause most people to just come up with something easier to remember. Why should I have to change my password every 30 days if it's something like Mxo2s0LLn234aAZSQ If I can't even get it right I'm sure no one else is going to guess it. There shouldn't be a need to change it.

      --
      Beer! It's what's for breakfast!
  3. i'm not suprised by JeanBaptiste · · Score: 5, Funny

    a 14 year old cares far more about their social life than most adults care about their jobs.

  4. Stronger Passwords by Joe+The+Dragon · · Score: 5, Insightful

    It easy to have Strong Passwords when you don't need to change them all the time and can't reuse parts of the old password in the new password.

  5. Re:nobody can guess mine by kaizenfury7 · · Score: 5, Funny
    Don't worry... all we saw was:

    I use this password ************ for everything.. Oops? Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.
  6. Dictionary words? by chrisb33 · · Score: 5, Funny

    I'm impressed that less than 4 percent were dictionary words Considering only 10 percent of the words on myspace are dictionary words to begin with, this isn't very surprising.

    Maybe the users just used their usernames as passwords - that would probably be the best way to generate a random sequence of characters.
  7. Re:Security through obscurity? by kaizenfury7 · · Score: 5, Funny

    You need to use an average keyboard because an average keyboard has 101.4 keys.

  8. Re:nobody can guess mine by Tired_Blood · · Score: 5, Funny
    Don't worry... all we saw was:

    I use this password ************ for everything.. Oops?

    Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.


    "you can go hunter2 my hunter2-ing hunter2"

    *Cough*
    --
    This is not my sig.