Thursday, January 18, 2007


Anyone who works in IT security or has ever worked the helldesk, oops I mean, helpdesk, knows that users don't choose good passwords. That's why we have these lovely complex password policies that the average user hates (must have at least 8 characters, and must contain a capital letter, a lower case letter, a number and a special character). The recent MySpace phishing episode shows just how bad the average user's passwords can be.

Users tend to use things that they won't forget. A few examples:

  • Their name

  • Their username

  • Words in the dictionary

  • Kid's name

  • Spouse's name

  • Pet's name

  • Birthday

  • "password"

  • Sequences of keys on the keyboard like "qwe" or "asdf"
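The complexity policy quoted above and the list of habits can be checked side by side. The sketch below is an added example, not code from the original post: the word list, keyboard rows, substitution table, function names and sample passwords are all constructed for illustration. It shows passwords that satisfy the policy while still falling into the categories listed.

```python
import re

# Constructed stand-ins: a real deployment would load a full word list.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "welcome"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Undo common character substitutions before matching words.
LEET = str.maketrans("@$01345!", "asoieasi")


def meets_complexity(pw):
    """Policy quoted in the post: 8+ chars, upper, lower, digit, special."""
    classes = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)


def has_keyboard_run(pw, min_len=3):
    """True if pw has min_len adjacent keys from one row, either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for keys in (row, row[::-1]):
            for i in range(len(keys) - min_len + 1):
                if keys[i:i + min_len] in low:
                    return True
    return False


def weak_reasons(pw, personal=()):
    """List the categories from the post that pw falls into.

    personal: strings tied to the user (name, username, pet, birthday digits).
    """
    low = pw.lower()
    plain = low.translate(LEET)
    reasons = []
    for term in personal:
        t = term.lower()
        if len(t) >= 3 and (t in low or t in plain):
            reasons.append("personal:" + t)
    for word in sorted(COMMON_WORDS):
        if word in plain:
            reasons.append("dictionary:" + word)
    if has_keyboard_run(pw):
        reasons.append("keyboard-run")
    return reasons


if __name__ == "__main__":
    for candidate in ["Password1!", "P@ssw0rd!", "Qwerty12#", "Rex2007!!"]:
        print(candidate, meets_complexity(candidate),
              weak_reasons(candidate, personal=("rex", "jsmith")))
```

Every sample password in the demo loop passes the complexity policy and is still flagged, which is why a blocklist check belongs alongside the character-class rules.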

The Dilbert comic strips for the past 2 days have been very spot on with "Dogbert's Password Recovery Service". Take a look at them here and here.

This article by Bruce Schneier is a good overview of secure passwords.


