
An analysis of password reuse, based on data leaked in the Sony and Gawker breaches, finds that the security of user passwords is even worse than we expected.

A million Sony users’ passwords and 250,000 Gawker passwords, stored unencrypted, were leaked in separate breaches. In each case, the hackers published the password details on torrent trackers.

An analysis by security researcher Troy Hunt showed that two-thirds of users with accounts at both Sony and Gawker used the same password at both sites. This conclusion is based on a fairly small sample of 88 email addresses that were exposed in both the Sony attack and the Gawker attack. However, data collected by Hunt that relates only to the Sony breach suggests that this is hardly a statistical quirk. On the contrary, by any measure, the security of user passwords revealed by the Sony hack is dire.

Half of the passwords in the sample exposed by the Sony attack use only one type of character, and only one in a hundred uses a non-alphanumeric character, the same situation that was observed in the Gawker hack. Only 4% of these passwords have three or more character types.

Four out of five of the passwords in the 37,608-entry sample leaked in the Sony attack occurred only once. About 36% of the passwords appear in a password dictionary, which makes them extremely vulnerable to brute-force attacks in cases where a breach leaks a database of hashed passwords. Hunt believes that more than four out of five (82%) of the passwords could be recovered using rainbow tables.
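The metrics quoted above (character types per password, passwords occurring only once, dictionary membership, and reuse across two sites by email address) can be computed over any password sample a defender is auditing. The following Python is an added example, not Hunt's code; the function names, the four character classes and the sample data are assumptions constructed for illustration.

```python
from collections import Counter

def char_classes(pw):
    """Count character types used: lowercase, uppercase, digit, other (assumed classes)."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def audit(passwords, dictionary):
    """Return the share of entries in `passwords` that match each weakness metric."""
    n = len(passwords) or 1              # avoid division by zero on an empty sample
    counts = Counter(passwords)
    words = {w.lower() for w in dictionary}
    share = lambda pred: sum(1 for p in passwords if pred(p)) / n
    return {
        "one_char_type": share(lambda p: char_classes(p) == 1),
        "three_plus_types": share(lambda p: char_classes(p) >= 3),
        "non_alphanumeric": share(lambda p: any(not c.isalnum() for c in p)),
        "occurs_once": share(lambda p: counts[p] == 1),
        "in_dictionary": share(lambda p: p.lower() in words),
    }

def reuse_rate(site_a, site_b):
    """Among email addresses present in both samples, share using the same password."""
    shared = site_a.keys() & site_b.keys()
    if not shared:
        return 0.0, 0
    same = sum(1 for email in shared if site_a[email] == site_b[email])
    return same / len(shared), len(shared)

# Constructed sample data, not taken from any breach.
SITE_A = {"a@example.com": "password", "b@example.com": "123456",
          "c@example.com": "Summer2011", "d@example.com": "password",
          "e@example.com": "tr0ub4dor&3"}
SITE_B = {"a@example.com": "password", "c@example.com": "Winter2010",
          "d@example.com": "password", "z@example.com": "qwerty"}
DICTIONARY = ["password", "qwerty", "summer", "123456"]

if __name__ == "__main__":
    for metric, value in audit(list(SITE_A.values()), DICTIONARY).items():
        print(f"{metric:18} {value:.0%}")
    rate, n = reuse_rate(SITE_A, SITE_B)
    print(f"reused across sites: {rate:.0%} of {n} shared accounts")
```

The shared-account count returned by `reuse_rate` matters as much as the percentage: as with the 88 overlapping addresses above, a small overlap limits how far the reuse figure generalizes.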

Hunt concluded that the only secure password is one which “you cannot remember.”

“It’s not too surprising, though it continues to bother,” he wrote. “We know that the password is too short, too simple, too predictable and very similar to passwords used by users on other sites.”