When hackers breached the servers of Sony Pictures in June, they cast a harsh light on one of the Web's most bedeviling security problems: passwords. After finding that 1 million user passwords for three Sony sites were stored without encryption, the intruders posted them online for anyone to see.
Security researcher Troy Hunt pored over the file and found that half of the passwords could be considered weak because they had a low degree of randomness—they had only lowercase letters, only uppercase letters or only numbers. More than a third of the passwords could have been found in a dictionary and easily guessed by a password cracker, a tool that quickly tries different combinations of secret words. Half of the passwords were seven characters or less. Finally, the researcher found 90 e-mail accounts that had also shown up in another leaked password file, from Gawker.com, and discovered that about two-thirds of those users had the same password at both sites. "It indicates to me that this was a normal practice for people to plug in the same password into their accounts," says Hunt, a software architect who studies security.
To read the full, original article click on this link: No Easy Answers to Password Problems - Technology Review
Author: ROBERT LEMOS
