Why passwords are easy to guess

Kristian Köhntopp writes in his blog (original text in German, quoted and translated with permission):

(Translation begins)

Fun Passwords

Some entertaining fun password statistics from a client.

Using a dictionary against the password file of the client's accounts results in a list of accounts with weak passwords, as follows: Some 0.2% of users have their nickname as a password or family name as a password. The most popular passwords in general are: user name, first name, family name, role name, "123456" or "secret"; "password" or "passwort" are equally popular and keyboard patterns a la "qwertz" are very popular. Men prefer passwords such as "secret" and various car brands. Women gravitate towards "sun", "sunshine" or "summer".

Passwords are also a problem when users use the same password for different services. A user who loses his eBay password to a phishing attack will usually also lose access to his/her freemail account and his social network along with it. The phisher will log into eBay with the stolen user name, determine the eBay account's mail address and attempt to use this identity and eBay password to log into the freemail service. In far too many cases such an attack is successful. The freemail account and its password will then end up in some Trojan, being used to send spam and viruses through the freemailer as a relay.

(Translation ends)

This is a blog on the human side of security. Plain and simple, there is only a human side to security. I rest my case.
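The categories in the quoted statistics can be rejected when a password is set. The following is an added example, not code from Köhntopp's post or from this blog: the function names, the account field names and the sample account are assumptions, and ignoring trailing digits ("passwort1") goes beyond what the post describes.

```python
import unicodedata

# Constructed blocklist: only the common passwords named in the quoted post.
COMMON = {"123456", "secret", "password", "passwort", "sun", "sunshine", "summer"}
# Keyboard rows for the German (QWERTZ) and US (QWERTY) layouts.
ROWS = ["1234567890", "qwertzuiop", "asdfghjkl", "yxcvbnm",
        "qwertyuiop", "zxcvbnm"]

def normalize(s):
    """Case-fold and strip accents so 'Müller' and 'muller' compare equal."""
    s = unicodedata.normalize("NFKD", s.casefold())
    return "".join(c for c in s if not unicodedata.combining(c))

def is_keyboard_walk(pw, min_len=4):
    """True if pw is one contiguous run along a keyboard row, either direction."""
    if len(pw) < min_len:
        return False
    return any(pw in row or pw in row[::-1] for row in ROWS)

def weak_reasons(password, account):
    """Return the categories from the post that this password falls into.

    account maps a field label (hypothetical names) to the user's value.
    """
    pw = normalize(password)
    # Assumption beyond the post: ignore a trailing run of digits/punctuation.
    core = pw.rstrip("0123456789!.") or pw
    reasons = []
    for field, value in account.items():
        if value and core == normalize(value):
            reasons.append(f"matches {field}")
    if pw in COMMON or core in COMMON:
        reasons.append("common password")
    if is_keyboard_walk(pw):
        reasons.append("keyboard pattern")
    return reasons

# Constructed sample account, not real data.
SAMPLE = {"user name": "amueller", "first name": "Anna",
          "family name": "Müller", "role name": "admin"}

if __name__ == "__main__":
    for candidate in ["Müller", "qwertz", "Passwort1", "123456"]:
        print(candidate, "->", weak_reasons(candidate, SAMPLE))
```

An empty result only means the password is not in one of the categories the post lists; it says nothing about reuse across services, which needs a different control.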


Copyright © 2008 IDG Communications, Inc.