MySpace Users Have Stronger Passwords Than Employees 263
Ant writes "A Wired News column reports on Bruce Schneier's analysis of data from a successful phishing attack on MySpace, and compares the captured user-passwords to an earlier data-set from a corporation. He concludes that MySpace users are better at coming up with good passwords than corporate drones." From the article: "We used to quip that 'password' is the most common password. Now it's 'password1.' Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long."
Okay... (Score:5, Insightful)
It doesn't matter how strong their password is if they are still giving it to whoever asks for it.
More to lose (Score:5, Insightful)
Re:The Lesson? (Score:5, Insightful)
Which do you care more about? (Score:3, Insightful)
Re:Password1? (Score:3, Insightful)
Only because someone made him use at least one numeral.
Stronger Passwords (Score:5, Insightful)
Passwords Expire (Score:5, Insightful)
The corporate drones have to deal with passwords that expire every 30/60/90 days, and once expired those passwords can never be reused. So creating a hard password and then remembering it is not so trivial. The myspace users can come up with one hard password and keep it forever.
why alphanumeric? (Score:0, Insightful)
Why the great obsession with alphanumeric password? Is adklfjsldfjsdf harder to crack than adklf123dfjsdf? Doesn't the crackability depend on length of the password?
Re:Passwords Expire (Score:5, Insightful)
fear and netspeak (Score:5, Insightful)
1) They're terrified of their peers breaking in and sabotaging their profiles. (I once got assaulted by a drunk girl I knew who thought I hacked her LiveJournal... which I didn't.)
2) They can't spell worth shit, due to netspeak, so typical dictionary approaches aren't going to work.
Also, you have to take into account the basic fact that younger people have grown up around computers, and understand the concept of passwords a bit better than your average middle-aged office worker.
Duh! (Score:4, Insightful)
Are myspace users really more security consious? Or are the typical demographics those people who tend to use oddball non-English words and text phrases that end up being "good passwords". yourmom69
Re:The Lesson? (Score:5, Insightful)
Re:Duh! (Score:4, Insightful)
Password Rotation Insanity (Score:3, Insightful)
I understand the theory that it makes it tough on the crackers, of course, but that theory presumes that all other things are equal. I don't believe they are.
that is terrible advice (Score:1, Insightful)
Statistics from phishing attacks are wrong! (Score:3, Insightful)
The quality of passwords has nothing to do with the type of people that where scammed, but with the difficulty of detecting the spam.
Re:i'm not suprised (Score:2, Insightful)
Re:Duh! (Score:4, Insightful)
Au contraire! It shows that MySpace users value their virtual presence more than corporate users value data security on the corporate network. Not the same thing. Most people don't get fired for choosing a shit password and getting the company hacked up.
Re:Duh! (Score:3, Insightful)
Riddle me this Batman.
How is a password from sample A more secure than sample B when BOTH sample A and B's passwords were compromised?
Re:Duh! (Score:1, Insightful)
Re:Password1? (Score:2, Insightful)
Not a drawable conclusion (Score:2, Insightful)
So yes, you could say what the article title says, but that's hardly even close to accurate. What's more likely is that myspace users are LESS security conscious and that myspace requires numbers.
Bias (Score:2, Insightful)