The NY Times: Weak Passwords in the News
Jan 25, 2010
Ashlee Vance’s story “If Your Password Is 123456, Just Make It HackMe” in The New York Times reveals how weak passwords are at some websites. The story is based on analysis of password data that was exposed during the RockYou! data security breach. RockYou!, a Facebook widget developer, was hacked on Dec 9, 2009. The attacker was able to access a database that contained the usernames and unencrypted passwords of approximately 32 million users. After the attack, the list of stolen usernames and passwords was briefly posted on a website.
Imperva, a data security firm, analyzed the passwords and published their results in a data security study entitled “Consumer Password Worst Practices” (registration required). The report reveals the most popular passwords:
Password Popularity – Top 20 Passwords from Exposed RockYou! Database
from “Consumer Password Worst Practices,” Imperva, p. 4
The Times article has a good discussion about the problems associated with weak passwords. I draw two additional conclusions:
1. Website developers that don’t force users to choose good passwords, and who then store the weak passwords unencrypted, in clear text, should face legal consequences for negligence—they’re a menace to unsuspecting Internet users;
2. Users who choose ridiculously obvious passwords (e.g., password, abc123, 1234, 12345, etc.) should have their Internet access suspended until they can pass a basic internet security awareness test.
—Jim Herbeck
©Copyright The New York Times Company