Password of 70 Million People Analysed – We All Are Idiots
The largest research on password selected by people online shows that we are fool when it comes to setting up a password for our online accounts. No matter who you are, how old you are, how much ever intelligent you are, you really suck in passwords.
This detailed research is conducted by Joseph Bonneau at the University of Cambridge. He analysed the password strength of about 70 million Yahoo users. Don’t get him wrong, he didn’t see any of your personal information as the passwords were protected by hashing. He analysed passwords on on the basis of various demographics. Passwords were analysed by age, gender, income, web usage, education etc.
“We find surprisingly little variation in guessing difficulty; every identifiable group of users generated a comparably weak password distribution,” Bonneau wrote.
It is surprising that when people are asked to enter their credit card information, they don’t even consider whether their passwords are strong or weak. People general avoid very easy password like “1234″ or “ABCD” but they are not doing anything smart also. Their passwords are not so strong and hackers love this.
The researcher has also marked that no matter how important the data is, people keep very generic passwords like “sweetboy4you”, “rose4you”, “superman007″, “birthdate” etc.
“More surprisingly, even seemingly distant language communities choose the same weak passwords and an attacker never gains more than a factor of 2 efficiency gain by switching from the globally optimal dictionary to a population-specific lists,” Bonneau wrote.
The study also indicates that there are few smart people who change their passwords regularly and keep passwords tough. Most people simply keep the same password associated with an account for years, significantly increasing the likelihood of the account being hacked.
Bonneau suggests that people chose a randomly selected number at least nine digits long because it will be easy enough to remember like a phone number and still provide a an above-average level of security. He also says that businesses that make people create passwords should make users pick tougher passcodes. “A stricter password selection policy might produce distributions with significantly higher resistance to guessing,” Bonneau wrote.
All this talk of passwords and security is admittedly making me a bit nervous. I’m going to change some passwords today. You should too.
