August 27, 2012 2:51 pm
Think you’re clever for replacing the e’s with 3’s in your password? Think again. Passwords are getting weaker and hackers are getting better at figuring them out. Ars Technica writes:
The ancient art of password cracking has advanced further in the past five years than it did in the previous several decades combined. At the same time, the dangerous practice of password reuse has surged. The result: security provided by the average password in 2012 has never been weaker.
The average person has 25 accounts online, but only uses about 6.5 passwords amongst them. In 2009, about 32 million passwords were hacked from RockYou.com, an online games service. Around 70 percent of them contained eight characters or fewer. Only 14 million were unique – the rest were duplicates. A computer running one program can try 8.2 billion password combinations every second. And that’s not a tricked-out computer. Hackers can easily triple that by adding processing power.
Combine that power with the continuous leak of passwords numbering in the 100 million range, and hackers have both insight into password patterns and the tech necessary to use that insight.
There are all sorts of ways in which people can protect themselves against password hackers. Some places generate a random string of characters to use as a password. Others use a master password manager to change passcodes regularly. And if you don’t, chances are your passwords will be hacked sooner or later. Ars Technica talked to Matt Weir, a Florida State post-doctoral student who wrote his PhD on passwords:
“The whole password-cracking scene has changed drastically in the last couple years,” said Weir, the Florida State University post-doctoral student. “You can look online and you can generally find passwords for just about everyone at some point. I’ve found my own username and passwords on several different sites. If you think every single website you have an account on is secure and has never been hacked, you’re a much more optimistic person than I am.”
Chances are, even knowing that passwords are easy to crack, most of us will keep our silly p@$$w0rd tricks that don’t actually protect us.