1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Study shows that most people are still bad at picking passwords

By midian182 · 5 replies
May 24, 2018
Post New Reply
  1. It should come as little surprise to learn that despite the spread of password managers, two-factor authentication, and the ever-increasing number of hacking incidents/data leaks, most people still use terrible passwords. A recent study by Virginia Tech University and Dashlane analyzed 61 million leaked credentials, which showed that bad habits remain prevalent when it comes to creating passwords.

    While the inexplicably popular 123456 and qwerty remain two of the most common picks, researchers found variations of these that use what is called “password walking.” The method involves picking numbers and letters adjacent to each other on a keyboard, leading to equally insecure passwords such as 1q2w3e4r and 1qaz2wsx.

    It was also discovered that many people are quite passionate when it comes to choosing their passwords, with iloveyou, f**kyou, f**koff, and a**hole all popular choices. Pop culture picks included superman, pokemon, and slipknot, while soccer teams such as liverpool and barcelona also made the list.

    Brand names were very popular, too. Surprisingly, the most common of these is MySpace, with LinkedIn the third most common. It could be that many members of these services, which have experienced massive data leaks in the past, simply used the sites’ names as their passwords. Dashlane/Virginia tech analyzed leaks from the last eight years, which could explain their popularity in the dataset.

    As always, the study shows why it’s best to follow password security best practices. Using 2FA, where available, is always advisable, despite it occasionally being a pain. And password managers like Dashlane can be a godsend, just don't use 123456 as master password.

    Permalink to story.

     
  2. MoeJoe

    MoeJoe Banned Posts: 837   +441

    Really? LMAO
     
  3. TomSEA

    TomSEA TechSpot Chancellor Posts: 3,094   +1,545

    "....most people are still bad at picking passwords"

    Translation: people are lazy.
     
  4. bexwhitt

    bexwhitt TS Evangelist Posts: 404   +115

    I have my long four word password (easy to remember nonsense) with something else as a space in between for lastpass with 2 stage authentication enabled and that gives me unique passwords for everything else. I keep telling people their passwords are not good enough but they don't listen so screw them.[​IMG]
     
  5. m4a4

    m4a4 TS Evangelist Posts: 1,402   +968

    And user database designers are still bad at picking password "complexity" lol
    [​IMG]
     


  6. It's not clear in the comic but the passphrase is generated from a dictionary of 2048 words. If the attacker knows the database it's 44bits of entropy (2^44 (2048^4) possible combinations). If the attacker doesn't know the dictionary, but knows the length and that it's all lowercase and tries to bruteforce every combination of the alphabet the entropy *increases* to 118 bits.
     

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...