Saturday, November 18, 2006

MySpace password exploit: Crunching the numbers (and letters)

The link is to an article at InfoWorld's web site. Roger Grimes got hold of the purloined password/username lists obtained in the phishing attack when they were posted on the web. He analyses 34k entries for things like the frequency of letter and number use. It is a short and very interesting look into both how passwords fail and how easily they can be made a lot stronger.

As Grimes points out, it is not often a White Hat type gets to analyse such large lists, and his doing so makes this article unique. It also points out just how easy it is to have passwords that fall into "the norm", meaning it is almost trivial for you to tighten up your act as far as passwords go, and for me to do so as well. I was a bit surprised to find that several of my passwords fall directly into line with the poor ones. I spent a fun-filled hour fixing that.

Jack

Update: There are links in the article cited above to a 3-part article on Microsoft's TechNet site. Here are all 3, just in case.
Part 1.
Part 2.
Part 3.
