Report: Net users picking safer passwords

By Joris Evers
Staff Writer, CNET News.com Published: December 15, 2006 4:45 PM PST

Tools

Related Stories: MySpace to Apple: Fix that worm
December 5, 2006; BT snaps up Counterpane Internet Security
October 25, 2006; Phishers catch on to the Net's 'long tail'
September 12, 2006; Gates: End to passwords in sight
February 14, 2006

A sample of login information from 34,000 MySpace.com members seems to indicate that Internet users are getting better at picking more secure passwords, according to a prominent security expert.

The average password is 8 characters long and 81 percent of those in the sampling consist of both letters and numbers, Bruce Schneier, chief technology officer of Counterpane Internet Security, wrote in an article published on Wired News Thursday. One of the users in the sample even had a 32-character password: "1ancheste23nite41ancheste23nite4."

One problem, though, is that all the passwords Schneier inspected were obtained through a phishing scam. Attackers created a fake MySpace login page and tricked users into thinking they had to enter their credentials to access their account on the social-networking site. Schneier obtained the list via a security industry colleague, he wrote.

The five most common passwords are: password1, abc123, myspace1, password and blink182 (a band), according to Schneier. Only 3.8 percent of passwords are a single word found in a dictionary, and another 12 percent are a word plus a final digit, two-thirds of the time that digit is 1, he wrote.

"We used to quip that 'password' is the most common password. Now it's 'password1'. Who said users haven't learned anything about security?" Schneier wrote. "Seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric."

Still, passwords have outlived their usefulness, according to Schneier. Password crackers are so fast that they can test millions of passwords per second. Also, people in general dislike having to remember multiple passwords. Still, passwords continue to be commonplace; even Bill Gates hasn't been able to change that yet.

More from News.com on this story's topics: Fraud
RSS feed; Spam and phishing
Create an email alert | RSS feed; Social networks
RSS feed; Security
Create an email alert | RSS feed; Security threats
Create an email alert | RSS feed; News Corp.
RSS feed

See more CNET content tagged:
password, News Corp., Internet user, phishing, MySpace

RSS Feeds: Add headlines from CNET News.com to your homepage or feedreader.; Google; Yahoo; MSN; More feeds available in our RSS feed index.

Latest tech news headlines

eBay to lower sellers' fixed-price fees
Posted in News - Digital Media by Steven Musil

August 19, 2008 11:00 PM PDT
Why can't Firefox print as well as Internet Explorer?
Posted in Defensive Computing by Michael Horowitz

August 19, 2008 10:25 PM PDT
Big Blue's latest big dollar bet on cloud computing
Posted in Coop's Corner by Charles Cooper

August 19, 2008 9:22 PM PDT