Password or Free Pass?

Results of a new study by researchers at the internet security firm Imperva suggest that the weakest link in a user’s online persona and the protection of personal identity data may be the passwords users create for email and online accounts. Examining thirty-two million accounts hijacked by hackers from the social networking site RockYou last year, Imperva found that the continued use of weak passwords left many users vulnerable to password cracking, or even a lucky guess. Among the most common passwords created by registered RockYou members were, 123456, QWERTY, and the simple password PASSWORD.

Security concerns associated with the use of weak passwords are nothing new. In a 1990 study of UNIX system passwords comparable weaknesses were noted, according to Imperva’s CTO Amichai Shulman. A recent review of passwords associated with the popular Hotmail web based email site suggested similar vulnerabilities.

Security experts have long advocated for stronger password protection. Better safeguarding of personal accounts can be as simple as changing user passwords every month. But human nature is predictable, and users continue to select numbers, letter combinations, and slang terms that are easy to remember. Perhaps next generation security measures will protect us from our own worst instincts.