A Brief Sony Password Analysis
troyhunt writes "With all this [Sony] customer data now unfortunately out there for public viewing, I thought it would be interesting to do some analysis on password practices. There are some rather alarming (although not entirely surprising) findings including: 36% of passwords appear in a common password dictionary. 50% of passwords are 7 characters or less. 67% of accounts on both Sony and Gawker use the same password. 82% of passwords are lowercase alphanumeric of 9 characters or less. 99% of passwords don't contain a single non-alphanumeric character."
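As an added example (not part of the submission or of Troy Hunt's own analysis), the script below computes the same five measures the summary quotes, run over a small constructed sample: two fictional sites, made-up accounts and passwords, and a stand-in common-password list. Account identity across the two sites is matched by e-mail address, which is an assumption about how the reuse figure was derived.

```python
"""Password-practice audit over a constructed sample.

Measures the five figures from the summary: share of passwords found in
a common-password list, share of 7 characters or less, share of accounts
on both sites using the same password, share that are lowercase
alphanumeric of 9 characters or less, and share with no non-alphanumeric
character. Every value below is constructed for the example.
"""
import re

# Constructed stand-in for a "common password dictionary".
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "abc123", "monkey"}

# Constructed breach dumps: e-mail -> password, for two fictional sites.
SITE_A = {
    "a@example.com": "password",
    "b@example.com": "Tr0ub4dor&3",
    "c@example.com": "monkey",
    "d@example.com": "sunshine9",
    "e@example.com": "jwTtsTbsR3",
    "f@example.com": "qwerty",
}
SITE_B = {
    "a@example.com": "password",
    "b@example.com": "correct horse",
    "c@example.com": "monkey",
    "e@example.com": "jwTtsTbsR3",
}

LOWER_ALNUM = re.compile(r"^[a-z0-9]+$")   # only a-z and 0-9, nothing else
NON_ALNUM = re.compile(r"[^A-Za-z0-9]")    # any symbol, space or punctuation


def pct(numerator, denominator):
    """Whole-number percentage; 0 when there is nothing to measure."""
    return round(100 * numerator / denominator) if denominator else 0


def audit(site, common=COMMON_PASSWORDS):
    """Per-site figures, as whole percentages of that site's accounts."""
    pws = list(site.values())
    n = len(pws)
    return {
        "in_common_dictionary": pct(sum(p.lower() in common for p in pws), n),
        "len_7_or_less": pct(sum(len(p) <= 7 for p in pws), n),
        "lower_alnum_9_or_less": pct(
            sum(len(p) <= 9 and bool(LOWER_ALNUM.match(p)) for p in pws), n),
        "no_non_alnum": pct(sum(NON_ALNUM.search(p) is None for p in pws), n),
    }


def reuse_rate(site_a, site_b):
    """Share of accounts present on both sites whose passwords are identical."""
    shared = set(site_a) & set(site_b)
    same = sum(site_a[user] == site_b[user] for user in shared)
    return pct(same, len(shared))


if __name__ == "__main__":
    for name, figure in audit(SITE_A).items():
        print(f"{name}: {figure}%")
    print(f"reused across both sites: {reuse_rate(SITE_A, SITE_B)}%")
```

On the constructed sample this reports 50% in the common list, 33% of 7 characters or less, 67% lowercase alphanumeric of 9 or less, 83% without a symbol, and 75% reuse across the four accounts the two sites share; the same functions run unchanged over a real dump once it is loaded into the two dictionaries.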
As someone who probably fell into some of those (Score:5, Interesting)
Re:Best password practices (Score:2, Interesting)
I do somewhat of the same. My letters aren't random though. I typically have a phrase that I remember such as:
jack went to the store to buy some rice.
That would become jwttstbsr
Then append a number n (in this example we'll say n = 3)
Every nth letter in the original sequence becomes uppercase.
So then we get jwTtsTbsR3
Finally, append a single letter suffix designating what it's for. C for computer passwords, F for financial, S for social networking, E for email, W for general websites, etc.
I tend to change which password I'm using every now and then and this lets me keep track of it without having to write anything down (which I'd inevitably have to do for a COMPLETELY random sequence).
My Best Practices (Score:4, Interesting)
For my passwords I use the keys one-up-and-to-the-right of the "dictionary style" password I have. For example, for password this would come out as -wee305r, making it harder to brute force. Of course if the passwords are all stored plain text by some incompetents what's the point?!
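The two derivation schemes described in the comments above, implemented as an added example (not code from either commenter). The first takes the initials of a phrase, uppercases every nth one, and appends n and a one-letter category suffix; the second replaces each key with the one up-and-to-the-right of it on a US QWERTY layout, assuming the usual half-key stagger between rows. Both reproduce the commenters' own worked values, and both are deterministic: the same phrase, n and suffix, or the same base word, always gives the same output, so the result is no harder to guess than the input it is derived from.

```python
"""Two password-derivation schemes from the thread, as functions."""


def mnemonic_password(phrase, n, suffix=""):
    """Initials of each word, every nth initial uppercased (counting from 1),
    then n and the category suffix appended. Pure punctuation tokens are skipped."""
    initials = [w[0] for w in phrase.split() if w.strip(".,!?;:")]
    shifted = [c.upper() if (i + 1) % n == 0 else c for i, c in enumerate(initials)]
    return "".join(shifted) + str(n) + suffix


# US QWERTY rows, top to bottom, without the backtick. Each row sits half a
# key to the right of the one above, so "up and to the right" of
# ROWS[r][i] is ROWS[r-1][i+1] (e.g. p -> '-', a -> w, d -> r).
QWERTY_ROWS = [
    "1234567890-=",
    "qwertyuiop[]",
    "asdfghjkl;'",
    "zxcvbnm,./",
]


def _build_up_right_map():
    table = {}
    for r in range(1, len(QWERTY_ROWS)):
        above, row = QWERTY_ROWS[r - 1], QWERTY_ROWS[r]
        for i, key in enumerate(row):
            if i + 1 < len(above):
                table[key] = above[i + 1]
    return table


UP_RIGHT = _build_up_right_map()


def keyboard_shift_password(base):
    """Map each character of `base` to the key up-and-to-the-right of it.
    Number-row characters and the last key of a row have no such neighbour."""
    try:
        return "".join(UP_RIGHT[c] for c in base.lower())
    except KeyError as exc:
        raise ValueError(f"no key up-and-right of {exc.args[0]!r}") from None


if __name__ == "__main__":
    phrase = "jack went to the store to buy some rice."
    print(mnemonic_password(phrase, 3))        # jwTtsTbsR3
    print(mnemonic_password(phrase, 3, "W"))   # jwTtsTbsR3W, the website variant
    print(keyboard_shift_password("password")) # -wee305r
```

Because `UP_RIGHT` is a fixed one-to-one table, `keyboard_shift_password` is a substitution applied to the base word rather than a new secret; the unpredictability of the result is exactly that of the base word, which is the point the last comment makes about plaintext storage from the other side.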