[caterpillarcowboy:infoneernet:roomthily]
Simple Passwords Remain Popular, Despite Risk of Hacking - NYTimes.com
Imperva found that nearly 1 percent of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”
More disturbing, said Mr. Shulman, was that about 20 percent of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.
That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.
“We tend to think of password guessing as a very time-consuming attack in which I take each account and try a large number of name-and-password combinations,” Mr. Shulman said. “The reality is that you can be very effective by choosing a small number of common passwords.”
gbattle sez:
These results do not surprise me. While at Princeton, a friend (who shall remain nameless, but he’s been prominent at Microsoft for years) and I wrote a program to link 96 Sun workstations together to crack all of the school’s passwords (an intelligent iterative dictionary hack). We cracked about 25% of them, or 1600 passwords. After some analysis, we found that the number one password was “banana.” Included in the banana boat was my introductory computer science professor (again, nameless to protect the guilty). It took us about 4 hours to run and we would have gotten away with it if we’d been a bit more conspicuous about how “nice” we were when sucking cycles from every available machine on a Friday night. We avoided any severe penalty by handing our detailed analysis over to the top dog sysadmin under the guise of research - and reminding him that I had uncovered his lead customer service technician’s cache of porn hidden on school computers.
Ace in the hole, for the win.
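The quoted article contrasts two guessing patterns: many guesses against one account, and a small number of common passwords tried across many accounts. The following is an added example, not part of the original post or the article, showing how the two look different in failed-login logs; the log format, function names and thresholds are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

def build_sample_log():
    """Constructed sample log: 'timestamp source_ip account result' per line."""
    lines = []
    # Source A: two failed guesses against each of six accounts.
    for user in ["alice", "bob", "carol", "dave", "erin", "frank"]:
        lines += [f"2010-01-21T10:00:00 198.51.100.7 {user} FAIL"] * 2
    # Source B: twelve failed guesses against a single account.
    lines += ["2010-01-21T10:05:00 203.0.113.9 alice FAIL"] * 12
    # Source C: a user who mistypes once and then logs in.
    lines += ["2010-01-21T10:06:00 192.0.2.44 bob FAIL",
              "2010-01-21T10:06:05 192.0.2.44 bob OK"]
    return "\n".join(lines)

def classify_sources(log_text, min_accounts=5, max_tries_per_account=3,
                     min_tries_single=10):
    """Label each source IP by the shape of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> account -> count
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, ip, account, result = parts
        if result == "FAIL":
            failures[ip][account] += 1

    verdicts = {}
    for ip, per_account in failures.items():
        accounts = len(per_account)
        heaviest = max(per_account.values())
        if accounts >= min_accounts and heaviest <= max_tries_per_account:
            verdicts[ip] = "spray"        # few guesses each, many accounts
        elif heaviest >= min_tries_single:
            verdicts[ip] = "brute-force"  # many guesses at one account
        else:
            verdicts[ip] = "normal"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(build_sample_log()).items():
        print(ip, verdict)
```

A per-account lockout counter alone does not flag the first source, because no single account sees more than two failures from it; counting distinct accounts per source is what exposes the pattern.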
