The New York Times had an article based on some research done by Imperva, who basically analyzed the list of 32 million passwords recently exposed in a hacker attack on RockYou, a maker of widgets for various social networking sites. Turns out that the most popular password used was '123456', though '12345' was not far behind.
Big Sigh. If you are a silver lining kind of person, at least 'password' was only 4th most common. So, I'm sure after this exposure, to get more secure all the users changed their passwords from '123456' to 'password' or maybe 'iloveyou'...
Another good reason why moving away from reusable passwords is such a good idea – the passwords users create are the equivalent of them choosing front door locks that open with skeleton keys. Now, we will be stuck with passwords for a long time and since users will complain no matter what we do to enforce password discipline, this little exercise points out we should focus on annoying users by requiring strong passwords vs. frequently changed passwords.
However, making passwords too strong can also make them too hard to remember – there is a balance to be had. Good Gartner research notes by Ant Allan and others here and here on ways to achieve that balance.
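As an added example (not code from the post or from Gartner), here is a policy check that follows the recommendation above: reject the RockYou-style common choices, including disguised forms such as 'P@ssw0rd2010', and require length, with no forced-rotation rule at all. The denylist and the 12-character minimum are constructed assumptions standing in for a real breached-password corpus and a real policy.

```python
import re
from typing import Iterator, Tuple

# Constructed denylist: the entries the post names from the RockYou leak,
# plus a few placeholders; a production check would load a full breach corpus.
COMMON_PASSWORDS = {"123456", "12345", "password", "iloveyou", "qwerty", "abc123"}

# Substitutions users apply to dress up a weak base word ('P@ssw0rd').
# Folding them back lets the lookup catch the disguised form too.
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                          "4": "a", "5": "s", "$": "s", "!": "i"})


def candidates(password: str) -> Iterator[str]:
    """Yield the forms of the password to look up in the denylist."""
    lowered = password.lower()
    # Trailing digits/punctuation are usually appended to satisfy a
    # complexity rule ('iloveyou2010'); drop them to expose the base word.
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    yield lowered
    yield lowered.translate(LEET_MAP)
    if stripped:
        yield stripped
        yield stripped.translate(LEET_MAP)


def check_password(password: str, min_length: int = 12) -> Tuple[bool, str]:
    """Return (accepted, reason). Strength is checked; age never is."""
    for form in candidates(password):
        if form in COMMON_PASSWORDS:
            return False, f"too common (matches '{form}')"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("123456", "P@ssw0rd2010", "iloveyou", "correct horse battery staple"):
        print(pw, "->", check_password(pw))
```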

John Pescatore
2 responses so far
1 Why I Have Doubts About Whitelisting – The Reliance on the Carbon Based Lifeform « Triumfant Blog January 25, 2010 at 11:52 am
[...] the web that are dodgy or fall victim to social engineering. Gartner analyst John Pescatore has some thoughts about this study from the viewpoint of passwords, but I think the study speaks to the bigger issue [...]
2 Cavemen Learned to Fear Fire; Enterprises Are Still Getting Burned By Default Passwords May 26, 2010 at 7:30 am
[...] yattered a while back about bad choices users make when they get to choose their own passwords. OK, users are [...]