Online insecurity

  • March 23, 2012
Online insecurity

Analysis of largest ever sample of passwords shows most are easy to crack.

Online passwords are so insecure that one per cent can be cracked within 10 guesses, according to the largest ever sample analysis.
The research was carried out by Gates Cambridge scholar Joseph Bonneau and will be presented at a security conference held under the auspices of the Institute of Electrical and Electronics Engineers in May.
Bonneau [2008] was given access to 70 million anonymous passwords through Yahoo! – the biggest sample to date – and, using statistical guessing metrics, trawled them for information, including demographic information and site usage characteristics.
He found that for all demographic groups password security was low, even where people had to register to pay by a debit or credit card. Proactive measures to prompt people to consider more secure passwords did not make any significant difference.
There was some variation, however. Older users tended to have stronger online passwords than their younger counterparts. German and Korean speakers also had passwords which were more difficult to crack, while Indonesian-speaking users’ passwords were the least secure.
Even people who had had their accounts hacked did not opt for passwords which were significantly more secure.
The main finding, however, was that passwords in general only contain between 10 and 20 bits of security against an online or offline attack.
Bonneau, whose research was featured in The Economist, concludes that there is no evidence that people, however motivated, will choose passwords that a capable attacker cannot crack. “This may indicate an underlying problem with passwords that users aren’t willing or able to manage how difficult their passwords are to guess.”

To read his full research paper, click here.

Picture credit: Salvatore Vuono and www.freedigitalphotos.net

Latest News

Lifetime honour for former Provost

Professor Barry Everitt, former Provost of the Gates Cambridge Trust, has been elected a lifetime Fellow of the American Association for the Advancement of Science (AAAS) the world’s largest general scientific society and publisher of the Science family of journals. AAAS has elected more than 500 scientists, engineers and innovators from around the world and […]

‘Tackle climate change misinformation through computational social science’

Future leaders and researchers need to be urgently trained to tackle climate change misinformation through an interdisciplinary approach that foregrounds computational social science and extends beyond laboratories and university campuses to shape the science-policy interface and rebuild public trust in climate research, according to leading academics. Writing in Nature Human Behaviour, the academics, including Dr Ramit […]

An existential psychological thriller for aesthetes

Christy Edwall’s first novel, History Keeps Me Awake at Night, out in early February, has been described as “an existential psychological thriller for aesthetes and lovers of cultural London and the world… A story cleverly told of a young woman involved in contemporary forms of global voyeurism”. It tells the story of Margit, a London […]

A detective of ancient climate change

Stijn De Schepper is an ancient detective. His job is to investigate past climate change through working his way down the ocean bed, starting with today’s sediment and moving back through thousands of years of Earth’s history.  He maps ancient marine sediments to find out if, why and how the environment changed in the past. […]