[ISN] UK study: Passwords often easy to crack

From: InfoSec News (isnat_private)
Date: Wed Mar 13 2002 - 23:41:52 PST

  • Next message: InfoSec News: "[ISN] Murdoch security chief linked to TV piracy site"

    From Andrew Brown
    CNN Hong Kong
    March 13, 2002
    (CNN) -- Computer passwords are supposed to be secret. But
    psychologists say it is possible to predict a password based on the
    personalities of users or even what is on their desks.
    Objects around the office may not seem important. But they may help
    someone to crack your computer password and masquerade as you, sending
    e-mails, accessing files and even plundering your online bank account.
    According to a recent British study, passwords are often based on
    something obvious. Around 50 percent of computer users base them on
    the name of a family member, partner or a pet. Thirty percent look to
    a pop idol or sporting hero.
    Such password inspirations could be a problem.
    "Particularly if you are a fan of a football club. Then you might well
    have something related to that football club on your desk at the
    office. You might have a mug or a pen. And if someone wants to try to
    hack into your system, then they might try using that as your
    password," said Helen Petrie of City University in London.
    It is not always that easy. Psychologists say passwords often reflect
    something about our subconscious. Users may not even know what
    inspires them to chose one word rather than another.
    "It seems to be something about the first thing that comes into your
    mind when you're asked to give a password," Petrie said.
    According to Petrie, 10 percent of users pick passwords that reflect
    some kind of fantasy. Often these contain sexual references. And 10
    percent use cryptic combinations. They are among the toughest to
    To protect online customers, financial institutions advise them to
    enhance security by using random words and letters and to change a
    password frequently.
    "Even with the strongest, fastest computer these days, it still takes
    some time to crack a strong password," said Eugene Law of Cash
    Financial Services Group.
    Experts say that whatever you do, do not base a password on your own
    name or date of birth.
    And when you are asked to select a password, do not simply type in
    password. That one is not too hard to crack.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 02:35:49 PST