[olug] [OT] Password study.

Carl Lundstedt clundst at unlserve.unl.edu
Sun Dec 17 11:57:47 UTC 2006

>Honestly, much as it pains me to say it, I think the "average user"
>thinks little more about computer and password security than they did in
>years past.  We still have a *long* way to go before it becomes
>ingrained into people that security is important, and not just an

The study in question was about MySpace accounts.  I certainly have 
different strength passwords for different things.  MySpace would not 
get a strong password from me (I have pretty weak passwords for shopping 
accounts that don't store credit card info for instance).  What would 
have been more interesting is a study of, say, online banking passwords 
or online credit card account passwords.  These types of passwords are 
far more likely to be a real measure of the strength of common user 

Looking through the article at the long passwords, I think most of those 
were clearly fat-fingered or typos.  The fact that the long passwords 
had repetition in them really makes me think the user's password is 
shorter than advertised (working on a laptop with a touch pad can often 
lead to that kind of thing as the mouse can be clicked into a field by 
accident).  As for the f*you as a password, I'd wager that that user 
figured out it was a phishing attack. 

I do know that we have users on our clusters that use weak, or 
previously compromised passwords (which, if found out, will lose them 
their account), but user password authentication isn't our real worry.  
Our real security worry is a compromised system (via a break-in or 
service flaw) not a compromised user.  But we're not doing financial 
stuff, nor is there any personal information on our research clusters.  
Security for us is for maintaining service and keeping crackers and 
spammers from gaining access to and abusing our systems.

Really, what does a compromised MySpace account get someone?

Carl Lundstedt
