IT News

Computer users seem to be taking reports of security breaches over the years, as well as the recent attacks on Google's e-mail service, with a huge lump of salt, say security experts.

Study: Simple Passwords are a Hackers’ Delight


A study of the accounts of 32 million people whose accounts were hacked at the social networking site RockYou suggests that a full twenty per cent of web users still prefer to leave the cyber equivalent of a key under the door by choosing simple, easily guessed passwords like “abc123,” “iloveyou” or even “password” to protect their data.

The study revealed that as many as 1 per cent of the victims were using “123456” as their password, followed by “12345,” “123456789” and “Password,” in that order. “iloveyou” came in at No. 5.

According to Amichai Shulman, chief technology officer at Imperva, which makes software that provides protection against hacking, people prefer to use simple passwords due to a human genetic flaw. He said the company had seen the same patterns since the 1990s.

What was even more disturbing, according to Shulman, was that about 20 per cent of people on the RockYou list picked from the same relatively small pool of 5,000 passwords.

They say this means that hackers could easily break into many accounts by just trying the most common passwords. Thanks to the widespread availability of fast computers and speedy networks, hackers can fire off thousands of password guesses per minute.

According to Shulman, contrary to what most people would believe, password guessing is not a very time-consuming process. It does not require using a large number of name-and-password combinations, as they would think. Passwords can be guessed very effectively by trying a small number of common passwords.

Though some web sites try to thwart attackers by freezing an account for a certain period of time after repeated incorrect password submissions, according to experts hackers simply learn to trick the system, for instance by making guesses at an acceptable rate.
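The gap described above, where per-account freezing misses guesses spread thinly across many accounts, is illustrated in this added example (not part of the study or of any Imperva product). The log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: ISO timestamp, account, source address, outcome.
SAMPLE_LOG = """\
2010-01-21T10:00:00 alice 203.0.113.7 FAIL
2010-01-21T10:00:40 bob 203.0.113.7 FAIL
2010-01-21T10:01:20 carol 203.0.113.7 FAIL
2010-01-21T10:02:00 dave 203.0.113.7 FAIL
2010-01-21T10:02:40 erin 203.0.113.7 OK
2010-01-21T10:03:00 frank 198.51.100.9 FAIL
2010-01-21T10:03:05 frank 198.51.100.9 FAIL
2010-01-21T10:03:10 frank 198.51.100.9 FAIL
"""

def parse(log):
    for line in log.splitlines():
        ts, account, source, outcome = line.split()
        yield datetime.fromisoformat(ts), account, source, outcome

def locked_accounts(events, max_fails=3, window=timedelta(minutes=5)):
    """Classic per-account lockout: max_fails failures inside the window."""
    fails, locked = defaultdict(list), set()
    for ts, account, _source, outcome in events:
        if outcome != "FAIL":
            continue
        recent = [t for t in fails[account] if ts - t <= window] + [ts]
        fails[account] = recent
        if len(recent) >= max_fails:
            locked.add(account)
    return locked

def spraying_sources(events, min_accounts=4, window=timedelta(minutes=10)):
    """Cross-account view: one source failing against many distinct accounts."""
    seen, flagged = defaultdict(list), set()
    for ts, account, source, outcome in events:
        if outcome != "FAIL":
            continue
        recent = [(t, a) for t, a in seen[source] if ts - t <= window]
        recent.append((ts, account))
        seen[source] = recent
        if len({a for _, a in recent}) >= min_accounts:
            flagged.add(source)
    return flagged

if __name__ == "__main__":
    events = list(parse(SAMPLE_LOG))
    print("locked:", locked_accounts(events), "spraying:", spraying_sources(events))
```

On the sample, the lockout rule only catches the user who mistyped three times, while the cross-account count flags the source that failed once each against four accounts.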

Some websites, in their attempts to improve security, have started forcing users to mix letters, numbers and even symbols in their passwords, and others, like Twitter, prevent people from picking common passwords.

The trend of using simple passwords is not new, however: a similar survey that examined computer passwords used in the mid-1990s also revealed that the most popular ones at that time were “12345,” “abc123” and “password.”

According to security experts, what makes people choose simple passwords is that we are simply overwhelmed by the sheer number of things we are required to remember in this digital age.

They say people are now expected to keep probably 10 times as many passwords in their heads as they did 10 years ago, including voice mail passwords, ATM PINs and internet passwords.

They also point out that users tend to use the same passwords on all or most of their work and personal accounts. They say that was what caused the 2009 Twitter document hack: once the hacker broke into a single employee’s Gmail account, he could access a lot of sensitive data, as he had gained access to the master key, so to speak.

Experts advise that users choose at least two different passwords – a complex one for web sites where security is vital, such as banks and e-mail, and a simpler one for places where the stakes are lower, such as social networking and entertainment sites.