Passwords secure? HAH!

Security Blog has an article pointing out that most passwords are insecure:

Vu, who is an assistant professor in the Psychology Department at California State University, Long Beach, goes on to say that the average password is easy to crack, but access to biographical data makes guessing that much easier with favorites being birthdays and children’s names. “My colleagues and I use an easily obtained cracking device called LC4 to crack passwords,” she said. “It sources a dictionary to try words and combinations of words. It often cracks a password without knowing anything about the user. My research says that 60 percent of passwords can be cracked within a few hours, and some in less time than that.”

One of my job functions is assisting people with creating/resetting passwords. And I am continually amazed at how poor some people’s passwords are. It would be relatively easy to guess someone’s password just by knowing a little about that person. Know that Frank’s dog’s name is Kemosabe? There’s a fair chance that is his password, too. Know that Judy is a knitting nut? Her password is probably something along the lines of woolyarn or luv2knit.

I once was personally guilty of this same thing, normally using girlfriends’ names. Over the years, though, I’ve gotten much better ’bout this. Thanks to a password vault and constant access to it, I’ve abandoned the idea of creating passwords, and instead use a random password generator. I keep all my passwords in a password safe, and have a super-strong passphrase protecting the password vault. But I’m weird that way. Most people are not going to be.
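
A reset-time check for the problem described above, as an added example that is not from the original post: it flags a candidate password that contains anything known about the user, even after common character substitutions, and offers a randomly generated one instead. The function names, the substitution table and the sample facts are assumptions made for illustration.

```python
import math
import secrets
import string

# Common character substitutions undone before matching (constructed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalize(text):
    """Lower-case, undo common substitutions, keep letters only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalpha())


def personal_hits(password, facts, min_len=4):
    """Return the words from `facts` (names, pets, hobbies) found in the password."""
    folded = normalize(password)
    hits = []
    for fact in facts:
        for word in fact.split():
            token = normalize(word)
            if len(token) >= min_len and token in folded:
                hits.append(word)
    return hits


def generate_password(facts, length=20):
    """Draw random passwords from the OS CSPRNG until one contains no known fact."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not personal_hits(candidate, facts):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password of the given length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample: what a help desk might know about the user (assumption).
    judy = ["Judy", "knit", "wool", "yarn"]
    for attempt in ("luv2knit", "woolyarn", "W00l-Y@rn!"):
        print(attempt, "->", personal_hits(attempt, judy) or "no personal data found")
    print("suggested:", generate_password(judy),
          f"({entropy_bits(20):.0f} bits)")
```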


I am a 40-ish uber-geek, Daoist and family man. Blessed to have one incredible wife and three wonderful kiddos. Dao has been kind to me.

May 2006