Psst. I know your password
Retrieving the password file from one of the health care company's servers, the consulting firm put "John the Ripper," a well-known cracking program, on the case. While well-chosen passwords could take years--if not decades - of computer time to crack, it took the program only an hour to decipher 30 percent of the passwords for the nearly 10,000 accounts listed in the file.
"Just about every company that we have gone into, even large multinationals, has a high percentage of accounts with easily (cracked) passwords," said Greg Shipley, director of consulting for Neohapsis. "We have yet to see a company whose employees don't pick bad passwords."
[ Read more ]
- News: Turning pictures into passwords (21 May 2002)
- News: O'Reilly leaks geeks' docs (14 May 2002)
- News: Experts envision graphics-based passwords (9 May 2002)
- News: Biometric security not quite ready to replace passwords (2 May 2002)
- News: Crackers favour war dialling and weak passwords (29 April 2002)