
Database Hack Shows Predictability Of Passwords



SecurityProNews
Staff Writer
2009-02-10



A hacked forum reveals once again that people, even tech-savvy ones, need to work on their password originality. Keying 123456 just isn't going to cut it, and neither is "password"; these are two of the most common choices among users of phpbb.com.

The hacker who swiped log-in data from the site published how it was done, and Robert Graham at DarkReading.com broke down the passwords used by 20,000 users. The top five were as generic as they come: 123456, password, phpbb, qwerty, 12345, 12345678.

All of these, obviously, are not exactly tough nuts to hack, and wouldn't even need an automated dictionary file to break. Beginners could just consult the top 500 list and crack a fair percentage of them. With a dictionary's help, Graham found that 65% of the fields matched. Using a hacker's dictionary, which would run popular non-English passwords, 94% were busted.

A logical argument has been presented that people are less careful about web-based accounts where nothing important is compromised than they are with, say, their bank account. Regardless, webmasters who don't want their user-network sites compromised would do well to advise users not to just type in the brand of monitor they're using as their password.

Names, pop culture references (especially obscure science fiction ones like the model number of the Starship Enterprise; come on, you think a hacker's not going to know that one?), and keypad number patterns are obvious targets.

1-5-9-3-5-7, for example, makes an X on the number pad, and yes, lots of other people have thought of it too. Van Halen's ou812, too. And pretty much anything else clever and humorous you can think of.

With that in mind, if you suspect your staff or your users to be rather nonchalant about their passwords, it's a good idea to prompt them to change to something both complex and highly personal.
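One way a webmaster could screen for the choices described above when a password is set, shown as an added example that is not from the article, from Graham's analysis, or from phpBB. The function names, the reason strings and the tiny blocklist (built only from the passwords the article names) are assumptions for illustration.

```python
# Added example: screens a candidate password at registration time.
# The blocklist is constructed from the passwords named in the article;
# a real deployment would load a much larger list of known-breached passwords.
COMMON = {"123456", "password", "phpbb", "qwerty", "12345", "12345678", "ou812"}

# The eight straight lines on a 3x3 numeric keypad (rows, columns, diagonals).
_LINES = ["789", "456", "123", "741", "852", "963", "753", "159"]
KEYPAD_STROKES = set(_LINES) | {line[::-1] for line in _LINES}


def is_keypad_pattern(password: str) -> bool:
    """True if the password is only keypad strokes, e.g. 159357 (an X)."""
    if len(password) < 3 or len(password) % 3 != 0:
        return False
    chunks = [password[i:i + 3] for i in range(0, len(password), 3)]
    return all(chunk in KEYPAD_STROKES for chunk in chunks)


def screen_password(password: str, username: str, site_name: str) -> list[str]:
    """Return the reasons a password should be refused (empty list = accept)."""
    reasons = []
    lowered = password.casefold()
    if lowered in COMMON:
        reasons.append("on common-password list")
    # Site or account name used as the password, as with "phpbb" on phpbb.com.
    for label, value in (("site name", site_name), ("username", username)):
        if value and value.casefold() in lowered:
            reasons.append(f"contains {label}")
    if is_keypad_pattern(password):
        reasons.append("keypad pattern")
    if len(set(lowered)) <= 2:
        reasons.append("too few distinct characters")
    return reasons
```

Run the check server-side when a password is created or changed, and show the returned reasons to the user so they know what to avoid.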



About the Author:
SecurityProNews is a daily online and email publication focusing on internet security issues.
