-
August 18th, 2004, 02:46 PM
#1
Stealing password? What could be easier?
Almost all internet and online banking users leave themselves open to fraudsters by using predictable passwords and ignoring elementary requirements of computer security.
The research claims that 21% of people used their own or their partner's nicknames for their passwords, 15% used their birthdays or anniversaries and 15% used names of their pets. About 14% had a family members' name as their password, 7% relied on a memorable date, and 2% even unimaginatively used the word password. Just under a third of people admitted they had shared their password with their partner, while 16% had told a member of their family, and just half of those questioned were confident no-one else knew their log-in details.
It is not surprising that malefactors don't even use their hacker skills when attempting to break into someone else's computer network. Knowing details of private lives of their victims helps much more. The most reliable way to sort out a password is so-called "brute force" - simply figuring out the key among all possible words in the dictionary.
Hugo Bottelier, vice president of Visa Europe, said, "Of course, it is important that our passwords are personal and meaningful to us, but also that they are difficult to decipher and not easily guessed."
Survey Shop questioned 1,005 internet users by telephone during March.
Source: http://www.crime-research.org/news/17.08.2004/567/
-
August 18th, 2004, 02:52 PM
#2
once again, you can't beat the news post whore -- j/k -- anyway, this article seems to be a little broad -- i did a study like this of college students for a class i had last semester and 43% used family or partner's names, 17% used pet's names, 14% used dates, 10% used home towns and the rest used secure passwords...
find / -name "*your_base*" -exec chown us:us {} \; | Trust No One | Use Hardened Gentoo
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
-
August 18th, 2004, 03:23 PM
#3
Two or three years ago, a listing of 151000 passwords from a major hosting provider was published by a hacking group. Results were simply horrible: If we except the classical "1234", "qwerty" and "abcdef", the couple of No. 1 passwords was "sun" and "hello"!!!
Time has passed, but results have remained the same. It's really an education issue.
Life is boring. Play NetHack... --more--
-
August 18th, 2004, 03:28 PM
#4
The only way to prevent users from using easy-to-guess passwords is to enforce some guidelines in the operating system or web site that the user will have to follow to create passwords, and it should also prompt them to change it every so often, plus prevent the user from using the same password twice. A better measure of the two is to use a one-time password: use it once, throw it away.
-
August 18th, 2004, 03:30 PM
#5
Network admins password rank:
1) master
2) root
3) admin
4) cisco
5) system
6) product name
so most sysadmins can be on "dumbass" list too...
My site
FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
If I die before I sleep, I pray the Lord my soul to encrypt. If I die before I wake, I pray the Lord my soul to brake.
-
August 18th, 2004, 03:32 PM
#6
Then to interpolate the data from those two sources: The original article had 19% that 'could' have been using secure passwords and good security practices and in djscribble's data only 16% were secure. 3% difference is not a lot, so to say they were virtually the same is valid.
Any way you look at it 85% of the users on the internet (give or take 5%) use very shitty passwords and ultra poor security practices.
That's extremely good odds for the hacker/cracker/conman (person) to draw to. Now damn it all.....why am I honest.....oh yes, moral values.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
-
August 18th, 2004, 03:38 PM
#7
Back when I was an NT admin I used to check our password strength every now and then.
I usually found 80-90% of the passwords during the dictionary phase, in about 5 min.
Unfortunately some of those found within 5 min. belonged to other admins
Oliver's Law:
Experience is something you don't get until just after you need it.
-
August 18th, 2004, 04:07 PM
#8
Ouch. It's starting to get a little better though, you can now at least set group policy to demand a stronger password. Your story is similar to a lot of people's I am sure, including me.
kr5kernel
(kr5kernel at hotmail dot com)
Linux: Making Penguins Cool Since 1994.
-
August 18th, 2004, 04:38 PM
#9
what is nice is that in microsoft policy you can enable password complexity requirements, HOWEVER, i do wish that rather than just length you could also specify that a password must have 3 of the 4 following elements
capital letters
lowercase letters
numbers
symbols
i also wish that windows would check the password to make sure that it isn't something stupid like Bunny45 since i know in programs like l0phtcrack there is the option where you can have some type of advanced dictionary attack where it mutates the dictionary slightly...
find / -name "*your_base*" -exec chown us:us {} \; | Trust No One | Use Hardened Gentoo
CATAPULTAM HABEO. NISI PECUNIAM OMNEM MIHI DABIS, AD CAPUT TUUM SAXUM IMMANE MITTAM
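A sketch of the check wished for in post #9, added here as an example and not written by any poster in this thread: require 3 of the 4 character classes, then reject passwords that reduce to a dictionary word once edge digits, symbols, case and common substitutions are undone. The wordlist, substitution table and minimum length of 7 are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# dictionary plus names, pets and places associated with the user.
WORDLIST = {"bunny", "bouncer", "password", "master", "root", "admin",
            "cisco", "system", "hello", "sun", "qwerty"}

# Common character substitutions to undo before the lookup (assumption).
LEET = str.maketrans("0134578@$", "oleastbas")

# Matches runs of non-letters at the start or end of a lowercased string.
_EDGES = re.compile(r"^[^a-z]+|[^a-z]+$")

def char_classes(pw):
    """Count how many of the four classes from the post appear in pw."""
    return sum((
        any(c.isupper() for c in pw),      # capital letters
        any(c.islower() for c in pw),      # lowercase letters
        any(c.isdigit() for c in pw),      # numbers
        any(not c.isalnum() for c in pw),  # symbols
    ))

def dictionary_core(pw):
    """Return the dictionary word pw is a simple mutation of, else None."""
    lowered = pw.lower()
    stripped = _EDGES.sub("", lowered)     # "Bunny45" -> "bunny"
    candidates = (
        stripped,
        stripped.translate(LEET),                # "P@ssw0rd" -> "password"
        _EDGES.sub("", lowered.translate(LEET)), # "4dmin" -> "admin"
    )
    for cand in candidates:
        if cand in WORDLIST:
            return cand
    return None

def evaluate(pw, min_length=7):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(pw) < min_length:
        problems.append("too short")
    if char_classes(pw) < 3:
        problems.append("fewer than 3 of 4 character classes")
    word = dictionary_core(pw)
    if word:
        problems.append(f"mutation of dictionary word '{word}'")
    return problems

if __name__ == "__main__":
    for sample in ("Bunny45", "P@ssw0rd", "bouncer", "tR7#kq!vLm2"):
        print(sample, "->", evaluate(sample) or "accepted")
```

"Bunny45" satisfies both the length and the 3-of-4 rule, so only the dictionary step rejects it; that is the gap between a complexity rule and a mutation-aware check.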
-
August 18th, 2004, 04:48 PM
#10
Hmm...............I can see that people use passes that are easy to remember, but that is not necessarily bad IMHO.
For example, if you have a dog called "Bouncer" then that would be an easily cracked pass using simple dictionary methods, but how about:
^BoUnCeR~123$%abc9*
Not that much more difficult to remember, but a hell of a lot more difficult to crack?
Just a thought, and as I have commented before, a lot of users are ignorant, rather than stupid..........do you run any sort of security awareness programme on your site?