[ISN] UK study: Passwords often easy to crack

From: InfoSec News (isnat_private)
Date: Wed Mar 13 2002 - 23:41:52 PST

Next message: InfoSec News: "[ISN] Murdoch security chief linked to TV piracy site"

Previous message: InfoSec News: "[ISN] Teen Hacker's Offer To Help Leads To Felony Charges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.html

From Andrew Brown
CNN Hong Kong
March 13, 2002

(CNN) -- Computer passwords are supposed to be secret. But
psychologists say it is possible to predict a password based on the
personalities of users or even what is on their desks.

Objects around the office may not seem important. But they may help
someone to crack your computer password and masquerade as you, sending
e-mails, accessing files and even plundering your online bank account.

According to a recent British study, passwords are often based on
something obvious. Around 50 percent of computer users base them on
the name of a family member, partner or a pet. Thirty percent look to
a pop idol or sporting hero.

Such password inspirations could be a problem.

"Particularly if you are a fan of a football club. Then you might well
have something related to that football club on your desk at the
office. You might have a mug or a pen. And if someone wants to try to
hack into your system, then they might try using that as your
password," said Helen Petrie of City University in London.

It is not always that easy. Psychologists say passwords often reflect
something about our subconscious. Users may not even know what
inspires them to chose one word rather than another.

"It seems to be something about the first thing that comes into your
mind when you're asked to give a password," Petrie said.

According to Petrie, 10 percent of users pick passwords that reflect
some kind of fantasy. Often these contain sexual references. And 10
percent use cryptic combinations. They are among the toughest to
break.

To protect online customers, financial institutions advise them to
enhance security by using random words and letters and to change a
password frequently.

"Even with the strongest, fastest computer these days, it still takes
some time to crack a strong password," said Eugene Law of Cash
Financial Services Group.

Experts say that whatever you do, do not base a password on your own
name or date of birth.

And when you are asked to select a password, do not simply type in
password. That one is not too hard to crack.
 

  

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
of the mail.

Next message: InfoSec News: "[ISN] Murdoch security chief linked to TV piracy site"
Previous message: InfoSec News: "[ISN] Teen Hacker's Offer To Help Leads To Felony Charges"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Mar 14 2002 - 02:35:49 PST