Why passwords have never been weaker—and crackers have never been stronger
-
The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them, according to a landmark study from 2007. As the Gawker breach demonstrated, such password reuse, combined with the frequent use of e-mail addresses as user names, means that once hackers have plucked login credentials from one site, they often have the means to compromise dozens of other accounts, too. Newer hardware and modern techniques have also helped to contribute to the rise in password cracking.
CrackMeIfYouCan!
-
Really good article, worth a read. Thanks for posting.
-
Very comprehensive article - I've learnt a lot, and amongst other things I think I now understand how "rainbow tables" work (although as the article points out, they are less used these days). Amongst other things, one of the things I've taken away from this is that if you are hashing users' passwords, you should pick your hash carefully, and always use salt. I think it's almost criminal that companies like LinkedIn and Yahoo aren't doing this - considering some of the high-profile failures recently I would hope that all big companies have plans to audit how user password hashes are stored in their databases.
Jon CodeWrite
-
It's that half password that's the problem! Only use whole passwords, they're twice as strong! ;P
-
Actually, it's more exponential, not linear.
-
Thanks for passing this on Terrence. Really valuable.
Tom Clement, Serena Software, Inc., www.serena.com