Last week brought more password-related news, as it was announced that the usernames, email addresses and passwords of members of a leading porn site were publicly available.
Anders Nilsson, CTO and security specialist at Eurosecure, said the credentials of more than a million registered users were openly accessible on the chat page of YouPorn, until the server was taken down. Apart from the embarrassment for those whose details were exposed, and the amusement of those joking that 'they'll go blind for looking at it', this led to more analysis of passwords.
Analysis of the passwords used on YouPorn by passwordproject.com found that two per cent (124,095 members) used the password '123456', while 26 per cent (1.2 million) used a password that was six characters long. More than a thousand had a password that was 32 characters long.
According to cloud identity security solutions provider Ping Identity, a survey of 2,000 UK consumers found that 60 per cent of them need to remember more than three different passwords daily, while 21.6 per cent need to remember more than eight passwords. Not surprisingly, 61 per cent admit to writing down their passwords.
John Fontana, identity evangelist at Ping Identity, said: “The more passwords we're forced to remember, the more we're likely to forget or write down in an effort to ensure we always have access to the accounts that matter. Not only does this leave individuals open to fraudulent activity and expose the businesses they work for, but it also highlights the value we place on different passwords.”
As we found at the start of January when analysing the data from the Stratfor attack and breach, where passwords such as 123456, 11111111 and 123123 were common among customers, it is less a story about the randomness of the password and more about where and how frequently it is used.
After all, you could have a 32-character password, but if you use it for multiple logins, the security you have created is undone. We will probably see this story emerge again and again until a credible solution is presented to prevent password re-use, sharing and writing down.
It is not like this is a new phenomenon though – just look at this clip from the 1987 film Spaceballs: http://www.youtube.com/watch?v=_JNGI1dI-e8&list=WLF656F8DB37DB6686&index=2&feature=plpp_video