When phpbb.com, the website of the phpBB
forum software, was recently hacked, the
passwords of around 20,000 of its members
were stolen and posted on the Internet for
all to see. Whilst this must have caused
great concern to the site and its
subscribers, analysis of these passwords by
security researcher and blogger Robert Graham
is now providing a useful security lesson
for the rest of us.
Include numbers and symbols to avoid
dictionary words
In spite of best practice recommendations to
include numbers and punctuation symbols in a
password, almost two thirds (64%) of users
on this website were happy to use a word
straight from the English dictionary. Of
this group, the vast majority chose a simple
term such as “apple” rather than an abstract
concept or a word with an unusual spelling.
First names make it easier for hackers
Equally striking was that 16 per cent of the
passwords used were names, making it far
easier for a would-be hacker to access the
account of somebody whose identity he knows.
Robert Graham found that the majority of
names used were common ones such as Joshua,
Michael and Jordan. He speculates that
Joshua may be a reference to the computer
password in the 1983 film WarGames, whilst
Michael and Jordan probably refer to the
famous basketball player Michael Jordan.
Avoid keyboard patterns, variations on
'password' and other common phrases
14 per cent of passwords were derived from
patterns on the keyboard such as “1234”,
“qwerty” or “asdf”, and 4 per cent were
simple variations on the word password such
as “passw0rd” and “password1”.
Other popular passwords were categorised as
‘pop-culture references’ such as films and
band names, ‘things nearby’ such as computer
manufacturer names, ‘swear words’ and
‘sports references’. In fact, ‘Arsenal’ and
‘Liverpool’ regularly feature in the top 10
list of UK passwords – but are they sporting
references or swear words?
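The categories above (dictionary words, first names, keyboard patterns, variations on “password”, sports references) are the kind of classification a site operator can run over its own user base, or apply as a deny-list check at registration. The following is an added example written for this article; it is not code from the original page or from Robert Graham's analysis. The word, name, sports and keyboard lists are short constructed samples standing in for a full dictionary and a census name list, and the leet-speak normalisation (“passw0rd” → “password”) generalises the two spellings the article quotes.

```python
"""Classify passwords into the weak categories the analysis above describes.

Added example for this article, not code from the original page or from
Robert Graham's analysis. The lists below are constructed samples; a real
check would load a full dictionary and a first-name list from files.
"""
import re
from collections import Counter

# Constructed sample word lists standing in for real dictionaries.
DICTIONARY_WORDS = {"apple", "dragon", "monkey", "shadow", "master",
                    "football", "sunshine", "princess"}
FIRST_NAMES = {"joshua", "michael", "jordan", "jennifer", "thomas", "daniel"}
SPORTS_TERMS = {"arsenal", "liverpool", "chelsea", "lakers", "yankees"}

# Rows of a QWERTY keyboard. A password that is a contiguous run along one
# row, in either direction, counts as a keyboard pattern ("1234", "qwerty").
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Common letter-for-symbol substitutions, so "passw0rd" and "p@ssw0rd"
# collapse back to "password" before lookup.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def normalise(password):
    """Reduce a password to the base word a cracker would guess it from:
    lowercase, drop trailing digits/punctuation ("michael1" -> "michael"),
    then undo leet substitutions."""
    base = password.lower()
    base = re.sub(r"[\d\W_]+$", "", base)
    return base.translate(LEET_MAP)


def is_keyboard_pattern(password):
    """True if the password is a run of 3+ adjacent keys along one row."""
    s = password.lower()
    if len(s) < 3:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def classify(password):
    """Return the weak-password category label, or "other"."""
    if is_keyboard_pattern(password):
        return "keyboard pattern"
    base = normalise(password)
    if base == "password":
        return "variation on 'password'"
    if base in FIRST_NAMES:
        return "first name"
    if base in DICTIONARY_WORDS:
        return "dictionary word"
    if base in SPORTS_TERMS:
        return "sports reference"
    return "other"


def summarise(passwords):
    """Tally categories over a leaked list, returning {label: (count, percent)}
    in the style of the percentages quoted in the article."""
    counts = Counter(classify(p) for p in passwords)
    total = len(passwords)
    return {label: (n, round(100.0 * n / total, 1))
            for label, n in counts.items()}


# Constructed sample standing in for a leaked password dump.
SAMPLE_PASSWORDS = ["apple", "dragon", "Joshua", "michael1", "qwerty",
                    "1234", "passw0rd", "password1", "Liverpool",
                    "Tr0ub4dor&3"]

if __name__ == "__main__":
    for pw in SAMPLE_PASSWORDS:
        print(f"{pw:15} -> {classify(pw)}")
    for label, (n, pct) in sorted(summarise(SAMPLE_PASSWORDS).items()):
        print(f"{label:25} {n:3} ({pct}%)")
```

The order of checks matters: keyboard runs are tested before normalisation, because stripping trailing digits would reduce “1234” to an empty string, and the “password” test runs before the name and dictionary lookups so that “password1” is not lost among generic dictionary hits. Swap the constructed sets for a real word list and name list and the same `classify` function doubles as a registration-time deny-list check.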
Below is the top 20 list of passwords from
the phpbb.com database. Needless to say, if
your own password appears on this list, you
may wish to consider changing it.