MySpace Users Have Stronger Passwords Than Corporate Employees

Posted by Zonk on Thu Dec 14, 2006 03:36 PM
from the hardly-surprising dept.
Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."
  • Okay... (Score:5, Insightful)

    by eln (21727) on Thursday December 14 2006, @03:38PM (#17243498)
    So MySpace users are smart enough to pick somewhat secure passwords, but still dumb enough to fall for basic phishing attacks.

    It doesn't matter how strong their password is if they are still giving it to whoever asks for it.
    • Re:Okay... by biocute (Score:3) Thursday December 14 2006, @03:43PM
      • Re:Okay... (Score:5, Funny)

        by Brewskibrew (945086) on Thursday December 14 2006, @04:07PM (#17244066)
        Hello, this is http://slashdot.org./ [slashdot.org.] We're undergoing a routine security check and your account has been flagged as it is being accessed by computers in other countries. Please click "reply" to this post and enter your userid, password, shoe size, and iq so that your account can be unlocked. Failure to do so indicates that you are a non-compliant individual and appropriate steps will be taken.
        • Re:Okay... (Score:4, Funny)

          by Dabido (802599) on Friday December 15 2006, @02:40AM (#17251550)
          You're going to have trouble typing my password, as it's 6.4 characters long. The first six characters are 'passwo'. The .4 consists of 'r' and 'd' typed in such a way as to only use 0.2 of each. :-)
        • Re:Okay... by Lemmeoutada Collecti (Score:2) Friday December 15 2006, @01:41PM
    • Re:Okay... by chroot_james (Score:2) Thursday December 14 2006, @03:48PM
      • Re:Okay... (Score:5, Informative)

        by andreamer (937648) on Thursday December 14 2006, @04:25PM (#17244448)
        From a link in the article:

        "The attacker had registered a MySpace account named login_home_index_html, meaning that the MySpace page hosting the fake login, looked like a legitimate place where users would sign on to the service."

        So it was just a user page but it DID have myspace.com in the URL. The URL was:

        http://www.myspace.com/login_home_index_html [myspace.com]
        • Re:Okay... by chroot_james (Score:2) Thursday December 14 2006, @05:13PM
    • Duh! (Score:4, Insightful)

      by EmbeddedJanitor (597831) on Thursday December 14 2006, @03:52PM (#17243772)
      Those corporate users that were dumb enough to fall for phishing had bad passwords. No surprises there. People prone to phishing are probably less security conscious.

      Are myspace users really more security conscious? Or are the typical demographics those people who tend to use oddball non-English words and text phrases that end up being "good passwords". yourmom69
      • Re:Duh! (Score:4, Insightful)

        by daeg (828071) on Thursday December 14 2006, @03:54PM (#17243826)
        Just shows that MySpace users value their virtual presence more than corporate users value their jobs.
        • Re:Duh! (Score:4, Insightful)

          by drinkypoo (153816) <martin.espinoza@gmail.com> on Thursday December 14 2006, @04:42PM (#17244744)
          (http://www.hyperlogos.org/ | Last Journal: Wednesday July 18, @08:19PM)
          Just shows that MySpace users value their virtual presence more than corporate users value their jobs.

          Au contraire! It shows that MySpace users value their virtual presence more than corporate users value data security on the corporate network. Not the same thing. Most people don't get fired for choosing a shit password and getting the company hacked up.
          • Re:Duh! by hackstraw (Score:3) Thursday December 14 2006, @05:16PM
            • Re:Duh! by Pollardito (Score:2) Thursday December 14 2006, @06:04PM
              • Re:Duh! by Arancaytar (Score:1) Friday December 15 2006, @10:06AM
            • Re:Duh! (Score:4, Interesting)

              by SeaFox (739806) on Thursday December 14 2006, @06:31PM (#17246606)
              How is a password from sample A more secure than sample B when BOTH sample A and B's passwords were compromised?

              They were both compromised by social engineering. Which allows us to see the passwords people are choosing and find that corporate passwords are more vulnerable to brute force attacks.
              • Re:Duh! by hackstraw (Score:3) Thursday December 14 2006, @10:15PM
              • Re:Duh! by complete loony (Score:2) Friday December 15 2006, @12:46AM
              • Re:Duh! by Geoffreyerffoeg (Score:2) Friday December 15 2006, @01:04AM
              • I for one... by the0 (Score:1) Friday December 15 2006, @01:32AM
              • Re:Duh! by xappax (Score:2) Friday December 15 2006, @02:12PM
            • Re:Duh! by silas_moeckel (Score:3) Thursday December 14 2006, @09:15PM
      • Re:Duh! by Anonymous Coward (Score:1) Thursday December 14 2006, @05:02PM
      • Re:Duh! by Anonymous Coward (Score:1) Thursday December 14 2006, @05:49PM
    • Re:Okay... (Score:4, Funny)

      by Anonymous Coward on Thursday December 14 2006, @03:52PM (#17243782)
      Wow. We MySpace usrz hav BetA security. hu wouldve thunk it. It's not lIk Im doin NEthing dfrnt. Im not lIk tinkN security 24-7.
      • MOD PARENT INSIGHTFUL by chaosite (Score:2) Thursday December 14 2006, @04:25PM
        • Re:MOD PARENT INSIGHTFUL (Score:4, Informative)

          by drinkypoo (153816) <martin.espinoza@gmail.com> on Thursday December 14 2006, @04:44PM (#17244796)
          (http://www.hyperlogos.org/ | Last Journal: Wednesday July 18, @08:19PM)
          Not really. Most cracking software knows that a letter k might be k, K, |<, et cetera. It makes things take a little longer but most check for such substitutions by default now.
        • Re:MOD PARENT INSIGHTFUL (Score:5, Interesting)

          by RicktheBrick (588466) on Thursday December 14 2006, @06:10PM (#17246292)
          I never worry about passwords. I would not worry if someone else knew my password for slashdot. What would they do with it? The only thing they could do is make comments in my name. Even with my bank accounts the only thing they can do is to see how much money I have and transfer money between two of my accounts. If someone wanted to be super mean they could transfer all my checking account money into my savings account and thus cause any checks I write to bounce. They still would not get any personal gain from it. If passwords are such a problem let me suggest a hardware fix. Let there be two passwords. A local password that the user would remember and a password that would be sent out. There would be a table on either the hard drive or a usb flash memory card for the lookup of the secondary password. Since no one would have to memorize or even know the secondary password it could be a 100 randomly generated characters and could be changed every time the user accesses the account. If one uses the usb flash memory then one could take it with them for use on another computer and by removing it from the computer prevent any other user on that computer from accessing their account. If it is that big a problem then a fix like that would have been used a long time ago.
        • Re:MOD PARENT INSIGHTFUL by alphasubzero949 (Score:1) Friday December 15 2006, @01:12AM
    • Re:Okay... by Kotukunui (Score:1) Thursday December 14 2006, @03:59PM
      • Re:Okay... by Thalagyrt (Score:1) Thursday December 14 2006, @04:44PM
    • Re:Okay... (Score:5, Informative)

      by h2g2bob (948006) on Thursday December 14 2006, @04:23PM (#17244410)
      (http://en.wikipedia.org/wiki/User:H2g2bob)
      Or maybe it's just the fact that Myspace requires new users to have a number in the password!
      • Re:Okay... by nschubach (Score:1) Thursday December 14 2006, @05:52PM
    • Re:Okay... by risk one (Score:3) Thursday December 14 2006, @05:33PM
    • Re:Okay... by Darthmalt (Score:2) Thursday December 14 2006, @05:41PM
    • Re:Okay... (Score:5, Funny)

      by ceoyoyo (59147) on Thursday December 14 2006, @05:48PM (#17245928)
      Maybe MySpace users just can't spell....
      • Re:Okay... by Cryssen (Score:1) Friday December 15 2006, @10:58AM
    • Re:Okay... by Mr. Underbridge (Score:2) Thursday December 14 2006, @05:52PM
    • Re:Okay... by CAIMLAS (Score:2) Thursday December 14 2006, @09:12PM
  • The Lesson? (Score:5, Interesting)

    by lunartik (94926) on Thursday December 14 2006, @03:39PM (#17243502)
    (http://www.asylumnation.com/ | Last Journal: Monday December 16 2002, @10:51AM)
    This may not mean that "passwords are getting better." It may just prove once again that people care more about their personal things than other people's stuff.
    • Re:The Lesson? (Score:5, Insightful)

      by Cat_Byte (621676) on Thursday December 14 2006, @03:40PM (#17243538)
      (Last Journal: Thursday November 03 2005, @02:42PM)
      I tend to think people come up with a really good password, then they have to come up with 12 others in a row after each expires and disallows reusing an old one.
      • Re:The Lesson? (Score:5, Insightful)

        by lpcustom (579886) on Thursday December 14 2006, @03:53PM (#17243800)
        Yeah I agree. The time limits on passwords cause most people to just come up with something easier to remember. Why should I have to change my password every 30 days if it's something like Mxo2s0LLn234aAZSQ? If I can't even get it right I'm sure no one else is going to guess it. There shouldn't be a need to change it.
        • Re:The Lesson? by Hijacked Public (Score:3) Thursday December 14 2006, @04:06PM
          • Re:The Lesson? by swimin (Score:1) Thursday December 14 2006, @04:20PM
            • Re:The Lesson? by speculatrix (Score:2) Thursday December 14 2006, @04:57PM
              • Re:The Lesson? by ceoyoyo (Score:2) Thursday December 14 2006, @05:56PM
              • Re:The Lesson? by fishbowl (Score:1) Thursday December 14 2006, @07:13PM
              • Re:The Lesson? by speculatrix (Score:2) Thursday December 14 2006, @06:41PM
        • Maybe, but... by schwaang (Score:2) Thursday December 14 2006, @05:02PM
      • Re:The Lesson? by Vlad_the_Inhaler (Score:3) Thursday December 14 2006, @04:08PM
    • Re:The Lesson? by Truman Starr (Score:1) Thursday December 14 2006, @03:50PM
      • Re:The Lesson? by Curien (Score:2) Thursday December 14 2006, @03:55PM
        • Re:The Lesson? by JourneymanMereel (Score:2) Thursday December 14 2006, @04:36PM
          • Re:The Lesson? by fishbowl (Score:1) Thursday December 14 2006, @07:15PM
          • Re:The Lesson? by Curien (Score:1) Friday December 15 2006, @12:44AM
          • Re:The Lesson? by JourneymanMereel (Score:2) Friday December 15 2006, @08:27AM
        • Re:The Lesson? by Truman Starr (Score:1) Thursday December 14 2006, @05:07PM
    • Re:The Lesson? by prodangle (Score:2) Thursday December 14 2006, @04:58PM
  • Password1? by spun (Score:2) Thursday December 14 2006, @03:39PM
    • Re:Password1? by Rob the Bold (Score:3) Thursday December 14 2006, @03:42PM
    • Re:Password1? by MorderVonAllem (Score:1) Thursday December 14 2006, @03:52PM
      • Re:Password1? by pete6677 (Score:2) Thursday December 14 2006, @06:14PM
    • Re:Password1? by 0kComputer (Score:2) Thursday December 14 2006, @04:18PM
  • by Pojut (1027544) on Thursday December 14 2006, @03:39PM (#17243510)
    "Love, Sexxxx, and...GOD. So, would her royal highness care to change her password?"
  • Security through obscurity? (Score:4, Funny)

    by GoodbyeBlueSky1 (176887) <joeXbanks@@@hotmail...com> on Thursday December 14 2006, @03:40PM (#17243524)

    ...found that the average password was 6.4 characters long.
    What kind of newfangled keyboard do you need to type one of those in?!
  • nobody can guess mine (Score:4, Funny)

    by zakeria (1031430) on Thursday December 14 2006, @03:40PM (#17243530)
    (http://www.zakeria.org/)
    I use this password ;#E4][££2&9a for everything.. Oops?
    • Re:nobody can guess mine by Professor_UNIX (Score:1) Thursday December 14 2006, @03:46PM
    • Re:nobody can guess mine (Score:5, Funny)

      by kaizenfury7 (322351) on Thursday December 14 2006, @03:58PM (#17243896)
      Don't worry... all we saw was:

      I use this password ************ for everything.. Oops?
      Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.
      • Re:nobody can guess mine (Score:5, Funny)

        by Tired_Blood (582679) on Thursday December 14 2006, @04:09PM (#17244122)
        Don't worry... all we saw was:

        I use this password ************ for everything.. Oops?

        Slashcode is pretty advanced like that... it has filters that automatically hide your personal information in case you accidentally post it. Try posting your ATM PIN or social security code and see how advanced those filters are.


        "you can go hunter2 my hunter2-ing hunter2"

        *Cough* [bash.org]
  • i'm not surprised (Score:5, Funny)

    by JeanBaptiste (537955) on Thursday December 14 2006, @03:40PM (#17243532)
    a 14 year old cares far more about their social life than most adults care about their jobs.
  • More to lose (Score:5, Insightful)

    by CastrTroy (595695) on Thursday December 14 2006, @03:40PM (#17243534)
    (http://www.kibbee.ca/)
    It's because the MySpace users have more to lose. They don't want someone defacing their website. Employees on the other hand probably don't care if someone logs into their computer.
  • Which do you care more about? (Score:3, Insightful)

    by liak12345 (967676) on Thursday December 14 2006, @03:41PM (#17243548)
    This shouldn't be groundbreaking news. Myspace accounts deal with the personal part of people's lives and they don't want it interfered with. Which individuals have a vested interest in corporate security?
  • Stronger Passwords (Score:5, Insightful)

    by Joe The Dragon (967727) on Thursday December 14 2006, @03:42PM (#17243572)
    It's easy to have Strong Passwords when you don't need to change them all the time and can't reuse parts of the old password in the new password.
  • Passwords Expire (Score:5, Insightful)

    by Mr_Blank (172031) on Thursday December 14 2006, @03:42PM (#17243576)
    (Last Journal: Sunday February 08 2004, @10:48AM)

    The corporate drones have to deal with passwords that expire every 30/60/90 days, and once expired those passwords can never be reused. So creating a hard password and then remembering it is not so trivial. The myspace users can come up with one hard password and keep it forever.
  • Pr0gr355 by Doc Ruby (Score:2) Thursday December 14 2006, @03:42PM
    • Re:Pr0gr355 by deadlock911 (Score:1) Thursday December 14 2006, @04:51PM
    • Re:Pr0gr355 by greed (Score:1) Thursday December 14 2006, @05:25PM
      • Re:Pr0gr355 by Doc Ruby (Score:2) Thursday December 14 2006, @08:08PM
    • Re:Pr0gr355 by rrkap (Score:2) Thursday December 14 2006, @06:05PM
    • Re:Pr0gr355 by slackmaster2000 (Score:2) Thursday December 14 2006, @07:31PM
      • Re:Pr0gr355 by Doc Ruby (Score:2) Thursday December 14 2006, @08:12PM
    • Re:Pr0gr355 by Doc Ruby (Score:2) Thursday December 14 2006, @04:08PM
      • Re:Pr0gr355 by deesine (Score:1) Thursday December 14 2006, @04:51PM
  • You're ignoring the obvious by neimon (Score:1) Thursday December 14 2006, @03:45PM
  • Awesome statistic (Score:4, Interesting)

    by billdar (595311) * <yap> on Thursday December 14 2006, @03:45PM (#17243616)
    The best quote is from the article linked within the article:

    "I was surprised about how many Christian-sounding -- for example, "Ilovejesus" -- log-on names were associated with the worst cuss words."

    Draw your own conclusions, but I think there might be something to this.

    (and yes I did RTFA+LFA, do I lose my subscription?)

  • password1??? by Rob T Firefly (Score:2) Thursday December 14 2006, @03:48PM
  • fear and netspeak (Score:5, Insightful)

    I figure there's two main reasons for this:

    1) They're terrified of their peers breaking in and sabotaging their profiles. (I once got assaulted by a drunk girl I knew who thought I hacked her LiveJournal... which I didn't.)

    2) They can't spell worth shit, due to netspeak, so typical dictionary approaches aren't going to work.

    Also, you have to take into account the basic fact that younger people have grown up around computers, and understand the concept of passwords a bit better than your average middle-aged office worker.
  • It's fun writing in-house software by Mr Muppet (Score:1) Thursday December 14 2006, @03:50PM
  • My password ideas by Non-CleverNickName (Score:1) Thursday December 14 2006, @03:54PM
  • evil monkey in my closet by coldsleep (Score:1) Thursday December 14 2006, @03:54PM
  • This is all wrong... (Score:5, Funny)

    by creimer (824291) on Thursday December 14 2006, @03:54PM (#17243834)
    (http://www.creimer.ws/ | Last Journal: Friday January 26 2007, @12:40PM)
    MySpace passwords would fail more often if a l33t dictionary was used instead. Do kids even know words from a plain old dictionary?
    • Re:This is all wrong... by greed (Score:1) Thursday December 14 2006, @05:05PM
    • i'm 17. by spoondisaster (Score:1) Thursday December 14 2006, @08:17PM
  • usernames by zakeria (Score:1) Thursday December 14 2006, @03:57PM
  • Dictionary words? (Score:5, Funny)

    by chrisb33 (964639) on Thursday December 14 2006, @03:59PM (#17243924)
    (http://www.chrisbaldassano.com/)

    I'm impressed that less than 4 percent were dictionary words
    Considering only 10 percent of the words on myspace are dictionary words to begin with, this isn't very surprising.

    Maybe the users just used their usernames as passwords - that would probably be the best way to generate a random sequence of characters.
  • Don't be impressed. (Score:4, Interesting)

    by Anonymous Coward on Thursday December 14 2006, @04:02PM (#17243976)
    I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric.

    I'm not. MySpace users have good passwords because MySpace requires them to, not because they're savvy. "Your password must contain at least one number and one punctuation mark," etc.
  • Of course they do by vitaflo (Score:2) Thursday December 14 2006, @04:02PM
  • Easy way of generating password from passphrase. by Chyeburashka (Score:2) Thursday December 14 2006, @04:03PM
  • It's obvious! (Score:3, Funny)

    by AntEater (16627) on Thursday December 14 2006, @04:04PM (#17244026)
    (http://slashdot.org/)
    Of course dictionary attacks won't work - have you seen the spelling on MySpace?!? It's not that they are trying to be more secure, it's that the users can't spell well enough to get a dictionary match.

    Getoffamylawn!
  • It makes sense by Cro Magnon (Score:2) Thursday December 14 2006, @04:04PM
  • this doesn't say that much... by shotgunsaint (Score:1) Thursday December 14 2006, @04:07PM
  • How to make your password more secure by mattnuzum (Score:1) Thursday December 14 2006, @04:14PM
  • Agree with $Previousposter by bishbashbosh (Score:1) Thursday December 14 2006, @04:21PM
  • password strength enforced by itsdave (Score:1) Thursday December 14 2006, @04:21PM
  • .gz? by mattpointblank (Score:2) Thursday December 14 2006, @04:22PM
  • by tradeoph (691427) on Thursday December 14 2006, @04:25PM (#17244438)
    You can't compare the passwords from two different phishing attacks. You only get the passwords from people who fall for the scam. If one scam is easier to detect than the other one, then one sample will contain passwords from dumber people than the other sample.

    The quality of passwords has nothing to do with the type of people that were scammed, but with the difficulty of detecting the spam.

  • How many do they have? by gelfling (Score:2) Thursday December 14 2006, @04:26PM
  • sometimes corporate users can't choose passwords by artifex2004 (Score:2) Thursday December 14 2006, @04:30PM
  • I kinda question the validity of this experiment.. by rainman_bc (Score:2) Thursday December 14 2006, @04:35PM
  • MySpace requires strong passwords (Score:3, Informative)

    by D H NG (779318) on Thursday December 14 2006, @04:38PM (#17244690)
    The only reason MySpace users have stronger passwords is because they're required to. Try signing up to MySpace with a weak password (i.e. without numeric characters) and see what I mean. I signed up for MySpace for a throwaway account with an easy-to-remember password, but couldn't.
  • learning at age 6 (Score:4, Interesting)

    by bcrowell (177657) on Thursday December 14 2006, @04:43PM (#17244770)
    (http://www.lightandmatter.com/)
    Computer security is something that kids are learning at younger ages these days. Case in point: My 6-year-old daughter plays a flash game called clubpenguin.com, which is basically a MUD where you're a penguin and you go around playing video games, socializing with other penguins, taking care of your pet, etc. Yesterday at school, her friend asked her for her login info, and she gave it to her. Yesterday evening, my daughter finished her homework, tried to log on, and got a message saying she'd been banned for 24 hours for cussing, and the time when her penguin was cussing was a time when she hadn't been on the computer. No big deal, but at age 6, she's now had a concrete experience that shows her how it's not a good idea to give your password to someone else, even someone you think you can trust.
  • shows that myspace users can't spell by muftak (Score:1) Thursday December 14 2006, @04:59PM
  • Enough with passwords, use a passphrase by pedropolis (Score:1) Thursday December 14 2006, @05:01PM
  • MakeMeAPassword.com --- plug by mgkimsal2 (Score:2) Thursday December 14 2006, @05:02PM
  • Some differences by bgspence (Score:2) Thursday December 14 2006, @05:24PM
  • That's Not What Schneier Said by smilerz (Score:1) Thursday December 14 2006, @05:25PM
  • ha ha by thegnu (Score:1) Thursday December 14 2006, @05:32PM
  • It's because by G00F (Score:2) Thursday December 14 2006, @05:49PM
  • As we all know... by BitwizeGHC (Score:2) Thursday December 14 2006, @05:57PM
  • Do Myspace users have to change every 60/90 days? by Maxo-Texas (Score:2) Thursday December 14 2006, @06:14PM
  • Of course they do by bxbaser (Score:1) Thursday December 14 2006, @06:18PM
  • Not a drawable conclusion by Jarjarthejedi (Score:2) Thursday December 14 2006, @06:46PM
  • Excellent Security by Namlak (Score:2) Thursday December 14 2006, @07:12PM
  • Tags by cibyr (Score:1) Thursday December 14 2006, @10:19PM
  • Bias by insertwackynamehere (Score:2) Thursday December 14 2006, @10:47PM
  • It's a good thing... by Grismar (Score:1) Friday December 15 2006, @04:08AM
  • not surprising by wikinerd (Score:2) Friday December 15 2006, @07:51AM
  • Re:why alphanumeric? by JeanBaptiste (Score:1) Thursday December 14 2006, @03:57PM
  • Re:Try it! by RagingFuryBlack (Score:1) Thursday December 14 2006, @04:03PM
  • Re:Long passwords by zakeria (Score:1) Thursday December 14 2006, @04:05PM
  • Re:why alphanumeric? (Score:3, Informative)

    by TranscendentalAnarch (1005937) on Thursday December 14 2006, @04:07PM (#17244088)
    It depends on length and the character set. Many cracking programs, brute force cracks, will iterate through all possible combinations of a character set up to a certain length. This lets the program find simpler passwords faster.

    With just alphabetic characters and a 6 character length you have about 26^6 or about 308 million possibilities

    With alphanumeric characters and a 6 character length you have about 36^6 or about 2.1 billion possibilities

    Extending to common non-alphanumeric characters (using shift+#) adds another 10, 46^6 or 9.4 billion possibilities

    By comparison, changing the length of the previous examples:

    Alpha: 26^7 = 8 billion
    Alphanumeric: 36^7 = 78 billion
    Extended with non-alphanumeric: 435 billion

    So "crackability" as you dub it, is influenced heavily by the length of the password, but it is also greatly influenced by the character set used.

    As for whether "adklfjsldfjsdf" is harder to crack than "adklf123dfjsdf".

    "adklfjsldfjsdf" is 15 in length and alpha characters only (26^15)
    "adklf123dfjsdf" is 15 in length and alphanumeric (36^15)

    1,677,259,342,285,725,925,376 is less than 221,073,919,720,733,357,899,776

    So the alphanumeric one is definitely more secure.
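An added example (not part of the original thread, and not any commenter's code): a defender-side password audit that combines the search-space arithmetic from the comment above with the point made earlier in the thread that cracking tools undo substitutions such as `|<` for `k`. It shows why "password1" has a large nominal keyspace yet still fails a dictionary check. The wordlist, substitution table and function names are constructed for illustration; the alphabet sizes 26/36/46 follow the comment, and 95 (printable ASCII) is an assumption for anything else.

```python
import string

LOWER = set(string.ascii_lowercase)
DIGITS = set(string.digits)
SHIFT_DIGITS = set("!@#$%^&*()")  # the "shift+#" symbols from the comment

# Constructed sample wordlist; a real policy check would load a full dictionary.
WORDLIST = {"password", "monkey", "dragon", "letmein", "kitten"}

# Constructed substitution tables (assumption): multi-character swaps first,
# then single characters: 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i
MULTI = {"|<": "k"}
SINGLE = str.maketrans("013457@$!", "oleastasi")


def alphabet_size(pw):
    """Smallest of the comment's alphabets (26, 36, 46) that contains pw."""
    chars = set(pw)
    if chars <= LOWER:
        return 26
    if chars <= LOWER | DIGITS:
        return 36
    if chars <= LOWER | DIGITS | SHIFT_DIGITS:
        return 46
    return 95  # assumption: fall back to all printable ASCII


def keyspace(size, length):
    """Number of strings of exactly `length` characters over the alphabet."""
    return size ** length


def cumulative_keyspace(size, max_len):
    """Candidates covered by an exhaustive search of every length 1..max_len."""
    return sum(size ** n for n in range(1, max_len + 1))


def _undo_substitutions(s):
    for seq, letter in MULTI.items():
        s = s.replace(seq, letter)
    return s.translate(SINGLE)


def dictionary_match(pw):
    """Return the wordlist entry pw reduces to, or None.

    Tries the password as typed and with a trailing run of digits removed
    (the "password1" pattern), undoing substitutions in both cases.
    """
    s = pw.lower()
    for candidate in (_undo_substitutions(s),
                      _undo_substitutions(s.rstrip(string.digits))):
        if candidate in WORDLIST:
            return candidate
    return None


def audit(pw):
    size = alphabet_size(pw)
    return {
        "length": len(pw),
        "alphabet": size,
        "keyspace": keyspace(size, len(pw)),
        "dictionary_word": dictionary_match(pw),
    }


if __name__ == "__main__":
    for sample in ("password1", "m0nk3y", "|<itten", "adklf123dfjsdf"):
        report = audit(sample)
        verdict = "REJECT" if report["dictionary_word"] else "ok"
        print(f"{sample!r:18} {verdict:6} {report}")
```

A policy check built this way rejects on the dictionary hit first and treats the keyspace figure only as an upper bound on guessing effort.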
  • Re:Try it! by Vlad_the_Inhaler (Score:2) Thursday December 14 2006, @04:18PM
  • Re:why alphanumeric? by multipart/mixed (Score:2) Thursday December 14 2006, @04:45PM
  • Re:fractions by Technician (Score:2) Thursday December 14 2006, @05:04PM
  • Re:fractions by dotgain (Score:1) Thursday December 14 2006, @10:07PM