People still using weak passwords


Believe it or not, that was the most common password on a list of 10,000 e-mail addresses recently revealed after a phishing attack.

Guests: Robert Abela, Acunetix; Bruce Schneier, security technologist

One Response to “People still using weak passwords”

  1. Norm says:


    As a computer research scientist, I take issue with several general recommendations for passwords. Granted, for secured systems that sophisticated attackers focus on, these guidelines make sense.

    However, I see no reason to regularly change passwords for the average person. This assumes that someone is methodically going through EVERY possible combination of characters, amounting to at least millions of combinations (though passwords like ‘123456’ are low-hanging fruit) to guess your password.

    Alternatively, the provider should alert you when 10+ (or 100) wrong passwords have been tried, which could alert you to at least THINK about changing your password.

    If a provider required even just a 30-second waiting period between attempts to log in, the criminal could try no more than 3000 combinations per day.

    If the provider alerts you to the fact that 3000 attempts have been made to log in to your account, perhaps you might be motivated to change your password to ApPlE$$1865#:->… and then not think twice about changing your password for 10 years (even if someone is trying to break in every day until then, they won’t guess it — only the delusional or severely paranoid would disagree).
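
The throttle-and-alert scheme proposed in the comment above, as an added example that is not part of the original page or the commenter's own code: a per-account limiter that refuses to evaluate a guess within 30 seconds of the previous one and records an alert at the tenth failure. The class and function names, the sample account and the stand-in password check are assumptions.

```python
from dataclasses import dataclass

MIN_INTERVAL = 30      # seconds between evaluated guesses (figure from the comment)
ALERT_THRESHOLD = 10   # failed guesses before the owner is told (figure from the comment)

@dataclass
class AccountState:
    last_attempt: float = float("-inf")
    failures: int = 0
    alerted: bool = False

class LoginThrottle:
    """Hypothetical per-account limiter; check_password is a caller-supplied stand-in."""

    def __init__(self, check_password, min_interval=MIN_INTERVAL,
                 alert_threshold=ALERT_THRESHOLD):
        self.check_password = check_password
        self.min_interval = min_interval
        self.alert_threshold = alert_threshold
        self.accounts = {}
        self.alerts = []  # (account, time, failure count) for each alert raised

    def attempt(self, account, password, now):
        state = self.accounts.setdefault(account, AccountState())
        if now - state.last_attempt < self.min_interval:
            return "throttled"  # too soon: the password is never checked
        state.last_attempt = now
        if self.check_password(account, password):
            state.failures, state.alerted = 0, False
            return "ok"
        state.failures += 1
        if state.failures >= self.alert_threshold and not state.alerted:
            state.alerted = True  # alert once per run of failures
            self.alerts.append((account, now, state.failures))
        return "failed"

def simulate_day(throttle, account):
    """Constructed attacker: one wrong guess per second for 24 hours."""
    evaluated = 0
    for second in range(86_400):
        if throttle.attempt(account, f"guess-{second}", float(second)) != "throttled":
            evaluated += 1
    return evaluated

if __name__ == "__main__":
    demo = LoginThrottle(lambda acct, pw: pw == "constructed-secret")
    print(simulate_day(demo, "user@example.com"), demo.alerts)
```

One guess per second for a day results in 2,880 evaluated attempts, and the alert is recorded at the tenth failure, 270 seconds in. Because the limit is keyed on the account, the owner's own login is refused too if it arrives inside the 30-second window.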