Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Sony IT

A Brief Sony Password Analysis 276

Posted by CmdrTaco from the change-it-now-people dept.
troyhunt writes "With all this [Sony] customer data now unfortunately out there for public viewing, I thought it would be interesting to do some analysis on password practices. There are some rather alarming (although not entirely surprising) findings including: 36% of passwords appear in a common password dictionary. 50% of passwords are 7 characters or less. 67% of accounts on both Sony and Gawker use the same password. 82% of passwords are lowercase alphanumeric of 9 characters or less. 99% of passwords don't contain a single non-alphanumeric character."
This discussion has been archived. No new comments can be posted.

A Brief Sony Password Analysis More

A Brief Sony Password Analysis

Comments Filter:

  • As someone who probably fell into some of those (Score:5, Interesting)

    by vawwyakr ( 1992390 ) on Monday June 06, 2011 @09:37AM (#36349424)
    My sony account only held the minimal information and some of that not correct. The PW I used was my public throw away password that I only use on sites that require me to register when I just need it to use a basic service and not enter anything not already public knowledge. So I'm not going to burn a good PW or spend my time trying to memorize a new one to use for something I really wouldn't care if they cracked and couldn't use the same PW on a site for which I care about it being cracked.

  • Re:Best password practices (Score:2, Interesting)

    by Anonymous Coward on Monday June 06, 2011 @09:48AM (#36349520)

    I do somewhat of the same. My letters aren't random though. I typically have a phrase that I remember such as:

    jack went to the store to buy some rice.

    That would become jwttstbsr

    Then append a number n (in this example we'll say n = 3)

    Every nth letter in the original sequence becomes uppercase.

    So then we get jwTtsTbsR3

    Finally, append a single letter suffix designating what it's for. C for computer passwords, F for financial, S for social networking, E for email, W for general websites, etc.

    I tend to change which password I'm using every now and then and this lets me keep track of it without having to write anything down (which I'd inevitably have to do for a COMPLETELY random sequence).

  • My Best Practices (Score:4, Interesting)

    by gregarican ( 694358 ) on Monday June 06, 2011 @09:55AM (#36349612) Homepage

    For my passwords I use the keys one-up-and-to-the-right of the "dictionary style" password I have. For example, for password this would come out as -wee305r, making it harder to brute force. Of course if the passwords are all stored plain text by some incompetents what's the point?!

Slashdot Top Deals

Intel CPUs are not defective, they just act that way. -- Henry Spencer

Close