
Password? “Password”


Identity theft is no fun. Unfortunately, neither is coming up with a new password for every new email address, computer, social networking site, or bank account that crackles into our wired lives.

Last month, a hacker stole some 32 million user passwords from software company RockYou, which helps power popular social networking sites like MySpace and Facebook, and posted the private data, briefly, on the Web. It was just the latest in a series of security lapses that have exposed millions of citizens to possible hacking and identity theft.

The odds that an American adult who uses the Internet does online banking are 1 in 2.44. The odds that an adult has a Facebook or MySpace account are 1 in 2.08, and such social networking sites in particular have to balance ease of use with users’ security. Twitter, which has sucked in 1 in 5 adults, specifically forbids users from choosing 370 common passwords, like “password,” “hooters,” “123456,” and, appropriately enough, “stupid.” In light of the size of the problem, though, that’s just a gesture.

The latest theft and exposure of private data did enable researchers to examine people’s password habits, and it turns out we are just as lazy about coming up with strong passwords as we were at the dawn of the Internet age. The most common password, used by nearly one percent of the sample, was “123456,” which clearly won't have surprised the code monkeys at Twitter. According to the New York Times, a survey done way back in the Dark Ages of the mid-1990s found some of the exact same (extremely weak) passwords at the top of its list. The new study found almost half of users chose passwords that were either names, words found in the dictionary, slang words, or “trivial passwords,” such as consecutive digits.

Passwords have become as essential to modern society as door locks and security cameras—maybe even more so. But strong, difficult-to-crack passwords are, by definition, not intuitively easy to think of. Far too many of us, therefore, simply give up and use a password we’ve used before, or pick something obvious like our child’s birthday, the street we live on, or a dictionary word—all big no-no’s, as your IT department would tell you. But would you listen?

A strong password has to be easy for you to remember, but next-to-impossible for anyone else to guess, whether that someone is a human or a password-cracking computer program. It's not hard to find advice, online and off, on how to come up with such passwords. There are even utilities to help you keep track of many passwords with just one “master key.” Services have also cropped up purporting to protect you against identity theft.

But we’re up against a deadly triumvirate that militates against our electronic security. Human psychology resists making the effort to create (and remember) strong passwords. Human psychology also tempts some of us to try to steal stuff from the rest of us. Finally, human error, sometimes in the form of corporate laziness, allows a company like RockYou to fail to encrypt data it should be encrypting. As a result, they may have indeed rocked you—in a most unwelcome way.


Sources

 

370 passwords you shouldn’t (and can’t) use on Twitter [Internet]. TechCrunch. [accessed January 28, 2010]. Available from: http://www.techcrunch.com/2009/12/27/twitter-banned-passwords/

Vance A. If your password is 123456, just make it HackMe. New York Times. January 20, 2010:1.

RockYou.com Hacked. 32 million passwords stolen. Why weren’t they encrypted? [Internet]. Privacy and Identity Theft. [accessed January 28, 2010]. Available from: http://blog.ironkey.com/?p=867


Comments (4)

Haleighra

Maine Magistrate Judge John Rich has decided that in spite of the belief that a financial institution authorized online hackers to take over $300,000 from a client's account, the bank is not responsible for the lost cash. The plaintiff - according to Magistrate Judge John Rich - should have been more careful. The plaintiff will need installment loans since there isn't any cash left in the account.

rfriend

I use Mitto ( http://mitto.com ) to manage my password and keep each one of them unique and strong (or as strong as the site permits). A lot of the time people end up having their passwords stolen when they use them from other computers, but Mitto protects you against this by requiring extra information each time you log in from an unrecognized computer (i.e. it can send you a unique one-time code as a text message to your phone, just like my bank).

swimmingwithfishes

Ha, one of the forbidden passwords is ncc1701. Sooo many trekkies out there.

Karel

Great points. It all does come down to human psychology. A great part of life is just a process to make things easier for ourselves. Because I know how lazy I am, I use sticky password. I get to be as lazy as I want and I know I've got good passwords and other functions too. www.stickypassword.com
That doesn't solve the problem of the websites I visit getting their databases hacked, but I've got my end covered.
