Password security not as easy as 123456

Monday, April 12, 2010 @ 10:04 PM gHale


There is a scene from the Mel Brooks classic movie “Spaceballs” where President Skroob is trying to learn the combination of a lock that will enable him to steal all the air left on Planet Druidia.

In the scene, Dark Helmet exclaims to the president, “we have the combination.”

President Skroob says “Great. Now we can take every last breath of fresh air from planet Druidia. What’s the combination?”

Dark Helmet says, “1 2 3 4 5.”

Then the president shoots back, “1 2 3 4 5? That’s amazing! I’ve got the same combination on my luggage!”

Despite the growth in knowledge about technology, things haven’t changed much: today, the most popular account password is “1 2 3 4 5 6.”

Despite all the reports of Internet security breaches over the years, including the recent attacks on Google’s e-mail service, many people have reacted to the break-ins with a shrug.

According to a new analysis, one out of five Web users still decides to leave the digital equivalent of a key under the doormat: they choose a simple, easily guessed password like “abc123,” “iloveyou” or even “password” to protect their data.

“I guess it’s just a genetic flaw in humans,” said Amichai Shulman, the chief technology officer at Imperva, which makes software for blocking hackers. “We’ve been following the same patterns since the 1990s.”

Shulman and his company examined a list of 32 million passwords that an unknown hacker stole last month from RockYou, a company that makes software for users of social networking sites like Facebook and MySpace. The list then appeared online.

That list gave a detailed window into computer users’ password habits. Typically, only government agencies like the F.B.I. or the National Security Agency have had access to such a large password list.

Imperva found that nearly 1% of the 32 million people it studied had used “123456” as a password. The second-most-popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”

It also appeared that 20% of people on the RockYou list picked from the same, relatively small pool of 5,000 passwords.

That suggests that hackers could easily break into many accounts just by trying the most common passwords. Because of the prevalence of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.
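The concentration described above can be measured on any password frequency list, and the same counts can drive a signup-time blocklist. The following Python sketch is an added example, not part of the original article or of Imperva's analysis; the sample passwords are constructed and the function names are assumptions.

```python
from collections import Counter

# Constructed sample of account passwords (illustrative, not RockYou data).
SAMPLE = (
    ["123456"] * 6 + ["12345"] * 4 + ["password"] * 3
    + ["iloveyou", "abc123", "qwerty", "princess"] * 2
    + ["t7#Lq9vB", "Walrus-Pylon-48", "mZ4!ke0pW", "Gd82$nnQa", "r3Xu&1pLo",
       "harbor-Tuba-19", "q9Vn!c2Zs", "Lentil_Orbit_7", "x0Kd#8wTe"]
)

def normalize(password):
    """Fold case and trim whitespace so 'Password ' matches 'password'."""
    return password.strip().casefold()

def count_passwords(passwords):
    """Tally how many accounts use each normalized password."""
    return Counter(normalize(p) for p in passwords)

def coverage(counts, n):
    """Fraction of accounts whose password is among the n most common.

    This is the share of accounts exposed if the login system tolerates
    n wrong guesses per account before locking out or throttling.
    """
    total = sum(counts.values())
    top = sum(c for _, c in counts.most_common(n))
    return top / total if total else 0.0

def build_blocklist(counts, n):
    """The n most common passwords, to be refused at signup or change."""
    return {pw for pw, _ in counts.most_common(n)}

def is_allowed(candidate, blocklist):
    """Reject a candidate whose normalized form is on the blocklist."""
    return normalize(candidate) not in blocklist

if __name__ == "__main__":
    counts = count_passwords(SAMPLE)
    for n in (1, 3, 7):
        print(f"top {n}: {coverage(counts, n):.1%} of accounts")
    blocklist = build_blocklist(counts, 7)
    for candidate in ("Password", "Walrus-Pylon-48"):
        verdict = "ok" if is_allowed(candidate, blocklist) else "rejected"
        print(f"{candidate} -> {verdict}")
```

Run against a real frequency list, `coverage(counts, 5000)` is the figure the analysis reports as 20%, and lowering the allowed guess count or enlarging the blocklist shrinks the exposed share.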

Why do so many people continue to choose easy-to-guess passwords, despite so many warnings about the risks?

The simple answer is that we are overwhelmed by the sheer number of things we have to remember in this digital age, security experts said.

Experts suggest everyone choose at least two different passwords — a complex one for Web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.

“It’s like the joke where the hikers run into a bear in the forest, and the hiker that survives is the one who outruns his buddy,” Mr. Moss said. “You just want to run that bit faster.”


