Slashdot Mirror

← Back to Stories (view on slashdot.org)

75% Use Same Password For Social Media & Email

Posted by CmdrTaco on from the my-password-is-trustno1 dept.

wiredmikey writes "Over 250,000 user names, email addresses, and passwords used for social networking sites can easily be found online. A study of the data collected showed that 75 percent of social networking username and password samples collected online were identical to those used for email accounts. The password data was gathered from blogs, torrents, online collaboration services and other sources. It was found that 43 percent of the data was leaked from online collaboration tools while 21 percent of data was leaked from blog postings. Meanwhile, torrents and users of other social hubs were responsible for leaking 10 percent and 18 percent of user data respectively...."

4 of 278 comments (clear)

  1. Use Password Hasher by mbuimbui · · Score: 5, Informative

    Use firefox extension's password hasher (http://wijjo.com/PasswordHasher). Then you only need to remember one password but can use it for a variety of sites. If any one site's passwords get leaked, you dont have to go around an update your password for all other sites.

  2. Password Hashing (pwdhash) by bradgoodman · · Score: 4, Informative
    Password hashing let's you enter the same password for several sites, but changes it (i.e. hashes it) along with the domain name of different web sites - which means you are actually using a different password for every site

    Furthermore, since the passwords are seemingly random characters (not words, or anything sensable) - they are generally quite strong.

    "pwdhash" is the foremost system for doing this - there are several browser extensions and other tools for automating it

    See: http://cynix.org/tools/superpwdhash

  3. Re:"Leaked"? by Securityemo · · Score: 3, Informative

    Link to full description of the experiment: http://www.malwarecity.com/blog/the-limits-of-privacy-is-this-your-password-865.html

    --
    Emotions! In your brain!
  4. Re:"Leaked"? by plover · · Score: 4, Informative

    It's not so much about trusting a person. Although that's an exploitable component for social engineers, social engineering is fairly rare, and it doesn't scale well. It's really about the machines in which we place that trust, and how those machines can be hacked. That's the easy part to scale up.

    Hackers (specifically criminal types) operate on statistics. They don't care so much "which" websites they break open, they care about breaking into "some" sites and harvesting what can be found there. They also harvest the easy stuff: cleartext passwords, cleartext account numbers, etc. They won't run a deep password cracker on a million accounts, but they might run a simple /usr/dict/words kind of scan.

    Of course once you've broken a thousand passwords on socialsite.com, you can try correlating those to majorbank.com and amazon.com and all the other potential sources of money. Again, you don't care if 900 out of a thousand fail, because you can still effectively steal from the 100 that remain.

    --
    John