Another Password Analysis

Here is the original post by Bruce Schneier (the source text of my translation):

Here’s an analysis of 30,000 passwords from phpbb.com, similar to my analysis of 34,000 MySpace passwords:

The striking different between the two incidents is that the phpbb passwords are simpler. MySpace requires that passwords “must be between 6 and 10 characters, and contain at least 1 number or punctuation character.” Most people satisfied this requirement by simply appending “1” to the ends of their passwords. The phpbb site has no such restrictions—the passwords are shorter and rarely contain anything more than a dictionary word.

Seems like we still can’t choose good passwords. Conficker.B exploits this, trying about 200 common passwords to help spread itself.

Written by admin

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.