rediff.com

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  

Rediff News  All News 
Rediff.com  » Business » Passwords are most insecure, says a study

Passwords are most insecure, says a study

Last updated on: April 3, 2012 14:09 IST

Passwords are most insecure, says a study

     Next

Next
Prasun Sonwalkar in London

Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis carried out by a Gathes Cambridge scholar at the university.

The research carried out by Joseph Bonneau will be presented at a security conference held under the auspices of the Institute of Electrical and Electronics Engineers in May.

Bonneau's research has featured in The Economist, a university release said.

Bonneau was given access to 70 million anonymous passwords through Yahoo! -- the biggest sample to date -- and, using statistical guessing metrics, trawled them for information, including demographic information and site usage characteristics.

Click NEXT to read further. . .




     Next

Passwords are most insecure, says a study

Prev     Next
Prev

Next

He found that for all demographic groups password security was low, even where people had to register to pay by a debit or credit card.

Proactive measures to prompt people to consider more secure passwords did not make any significant difference.

There was some variation, however.     

Older users tended to have stronger online passwords than their younger counterparts.

German and Korean speakers also had passwords which were more difficult to crack, while Indonesian-speaking users' passwords were the least secure.

Click NEXT to read further. . . 



Tags:

Prev     Next

Passwords are most insecure, says a study

Prev     More
Prev

More

Even people who had had their accounts hacked did not opt for passwords which were significantly more secure, the release added.

The main finding, however, was that passwords in general only contain between 10 and 20 bits of security against an online or offline attack.

Bonneau concludes that there is no evidence that people, however motivated, will choose passwords that a capable attacker cannot crack.

"This may indicate an underlying problem with passwords that users aren't willing or able to manage how difficult their passwords are to guess," he says.



Tags: Bonneau

Prev     More
© Copyright 2014 PTI. All rights reserved. Republication or redistribution of PTI content, including by framing or similar means, is expressly prohibited without the prior written consent.