UK study: Passwords often easy to crack

(CNN) -- Computer passwords are supposed to be secret. But psychologists say it is possible to predict a password based on the personalities of users or even what is on their desks.

Objects around the office may not seem important. But they may help someone to crack your computer password and masquerade as you, sending e-mails, accessing files and even plundering your online bank account.

According to a recent British study, passwords are often based on something obvious. Around 50 percent of computer users base them on the name of a family member, partner or a pet. Thirty percent look to a pop idol or sporting hero.

Such password inspirations could be a problem.

"Particularly if you are a fan of a football club. Then you might well have something related to that football club on your desk at the office. You might have a mug or a pen. And if someone wants to try to hack into your system, then they might try using that as your password," said Helen Petrie of City University in London.

It is not always that easy. Psychologists say passwords often reflect something about our subconscious. Users may not even know what inspires them to chose one word rather than another.

"It seems to be something about the first thing that comes into your mind when you're asked to give a password," Petrie said.

According to Petrie, 10 percent of users pick passwords that reflect some kind of fantasy. Often these contain sexual references. And 10 percent use cryptic combinations. They are among the toughest to break.

To protect online customers, financial institutions advise them to enhance security by using random words and letters and to change a password frequently.

"Even with the strongest, fastest computer these days, it still takes some time to crack a strong password," said Eugene Law of Cash Financial Services Group.

Experts say that whatever you do, do not base a password on your own name or date of birth.

And when you are asked to select a password, do not simply type in password. That one is not too hard to crack.
http://www.cnn.com/2002/TECH/ptech/03/13/dangerous.passwords/index.html

Cool. I'm in the 10 percent that use "cryptic combinations". I typically use a common word, a number and another common, yet unrelated word. Something like "blue74carp".

My only problem is that I tend to use the same 4 passwords for everything. So if someone cracked one of my passwords, they could have access to many things. Fortunately, my best defense is that I am not that interesting and don't have anything worth looking at.

believe it or not, i know a friend that does totally random passwords, and remembers them.. it would be in different caps, and all.. something along the lines of "5xP5SmQ94BoN7Fu" or some crazy thing like that.. But generally, I use the same 6 passwords for everything.. what i hate is when its my credit card places.. after 3 tries or so, they lock your account and you have to call in to re-activate it.

yea, i have random letter / number combos w/ underscores and all sort sof stuff. like 5qx_245t8

Same here. I use random letters/numbers/symbols. Actually, all of my passwords are inside jokes between myself and other people (none of whom I'm still friends with) so it's pretty much impossible to guess my password. Ah... the advantage of having no friends. :D

i have two passwords, one for everything, and one for my login screen(ill give you a clue for that one, the pass is the theme of this years yearbook at my school:P)

:passwird: :passwird: :passwird: :passwird:

I wonder if passwirds are easy to "crack"

Originally posted by leemaj
yea, i have random letter / number combos w/ underscores and all sort sof stuff. like 5qx_245t8 now I know your password. Hmmm... I wonder to what?

Originally posted by ZrEo0
i have two passwords, one for everything, and one for my login screen(ill give you a clue for that one, the pass is the theme of this years yearbook at my school:P)

Culver City High School or Culver Park High School? If its the first one, I got as far as your school's daily bulletin announcement, about asking students whether or not they want to buy dedication pages for the back of the yearbook.. =P too bad they don't just spill out the theme! =P yes yes, someone is bored :D

Originally posted by NuTs62


Culver City High School or Culver Park High School? If its the first one, I got as far as your school's daily bulletin announcement, about asking students whether or not they want to buy dedication pages for the back of the yearbook.. =P too bad they don't just spill out the theme! =P yes yes, someone is bored :D

just call the school and find out :), it's that simple :)

i have a couple different passwords i use different places....some are just bizarre combinations of words (not something that you could guess easily) and others are combinatins of letters, numbers, and symbols. since i have to change my password every 2 months at work, i use the same base password but substitute symbols that look the same as letters in the words so that it's still "spelled" the same but has different characters.

I have three or four different passwords that I use for everything. They are actual words, but they have no reference to anything lying around my desk.