Should I be gloating that I am not a LinkedIn or Facebook user? 😛
“If you are one of the 161 million members of LinkedIn, you were probably rankled by the news earlier this week that millions of their passwords had been hacked and published online – especially if you also use your LinkedIn password for your Facebook, e-mail or bank account. One way hackers fish out passwords is by using a dictionary attack (a name that brings shame to the honorable profession of lexicography). What is a dictionary attack? How can a benign book of meanings be used to uncover passwords?
With a smart algorithm and a dictionary, hackers are finding it surprisingly easy to guess passwords. And we have no one to blame but ourselves. In a recent study at Cambridge University, computer scientist Joseph Bonneau analyzed 70 million passwords from Yahoo! users. (Don’t worry, he didn’t steal them. The passwords were separated from their usernames.) Bonneau used the passwords to test possible hacking attempts. He found that, using the 1,000 most common words in the dictionary, an algorithm could correctly guess the passwords of up to 10% of the users. Turns out that many of us choose passwords that are relatively easy to remember and based on common words, and hackers can guess your password using a database of words (usually a dictionary of some sort).”
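To make the quoted description concrete, here is an added Python example of a dictionary attack (my own illustration, not code from the quoted article or from Bonneau's study). It assumes a constructed scenario: a leaked list of unsalted SHA-1 password hashes, a tiny stand-in for the "1,000 most common words" list, and a few mangling rules (capitalisation, leet substitutions, common suffixes) of the kind real cracking tools apply. The sample passwords and salts are made up. It goes a little beyond the quote by also running the same attack against per-user salted hashes, to show that salting does not stop the attack, it only multiplies the work per victim.

```python
import hashlib
from typing import Dict, Iterable, Iterator, Tuple

# Constructed stand-in for the "1,000 most common words" list; a real attack
# would load a full wordlist from disk.
COMMON_WORDS = ["password", "monkey", "dragon", "welcome", "sunshine", "letmein"]

# Simple mangling rules: attackers try variants, not just the bare word.
SUFFIXES = ["", "1", "12", "123", "!", "2011", "2012"]
LEET = str.maketrans({"a": "@", "e": "3", "i": "1", "o": "0"})


def sha1_hex(s: str) -> str:
    """Unsalted SHA-1 of a UTF-8 string as hex (the hash used in this constructed leak)."""
    return hashlib.sha1(s.encode("utf-8")).hexdigest()


def candidates(word: str) -> Iterator[str]:
    """Yield password guesses derived from one dictionary word."""
    bases = [word, word.capitalize(), word.upper(),
             word.translate(LEET), word.capitalize().translate(LEET)]
    seen = set()
    for base in bases:
        for suffix in SUFFIXES:
            cand = base + suffix
            if cand not in seen:
                seen.add(cand)
                yield cand


def crack_unsalted(leaked: Iterable[str], words: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Dictionary attack on unsalted hashes.

    Each candidate is hashed once and checked against every leaked hash at the
    same time, so the cost grows with the dictionary, not with the number of
    victims. Returns ({hash: plaintext}, number of hash computations).
    """
    targets = set(leaked)
    found: Dict[str, str] = {}
    work = 0
    for word in words:
        for cand in candidates(word):
            work += 1
            h = sha1_hex(cand)
            if h in targets:
                found[h] = cand
                targets.discard(h)
                if not targets:
                    return found, work
    return found, work


def crack_salted(leaked: Iterable[Tuple[str, str]], words: Iterable[str]) -> Tuple[Dict[str, str], int]:
    """Same attack against per-user salted hashes sha1(salt + password).

    Weak passwords still fall; the salt only forces the attacker to rerun the
    whole dictionary for every user instead of once for the whole dump.
    """
    found: Dict[str, str] = {}
    work = 0
    word_list = list(words)
    for salt, h in leaked:
        for word in word_list:
            for cand in candidates(word):
                work += 1
                if sha1_hex(salt + cand) == h:
                    found[h] = cand
                    break
            if h in found:
                break
    return found, work


def demo() -> dict:
    """Run both attacks on a constructed five-user leak and summarise the results."""
    # Four dictionary-derived passwords plus one that no rule here will produce.
    plaintexts = ["monkey", "Dragon1", "sunshine2012", "p@ssw0rd", "x7#Qe!9pLm2v"]
    leaked = [sha1_hex(p) for p in plaintexts]
    found_u, work_u = crack_unsalted(leaked, COMMON_WORDS)

    salts = [f"salt{i}" for i in range(len(plaintexts))]  # constructed salts
    leaked_salted = [(s, sha1_hex(s + p)) for s, p in zip(salts, plaintexts)]
    found_s, work_s = crack_salted(leaked_salted, COMMON_WORDS)

    return {
        "unsalted_found": found_u, "unsalted_work": work_u,
        "salted_found": found_s, "salted_work": work_s,
        "fraction_cracked": len(found_u) / len(leaked),
    }


if __name__ == "__main__":
    r = demo()
    print(f"unsalted: {len(r['unsalted_found'])}/5 cracked with {r['unsalted_work']} hashes")
    print(f"salted:   {len(r['salted_found'])}/5 cracked with {r['salted_work']} hashes")
```

With the constructed data, four of the five passwords are recovered from the six-word list in both variants; the salted run costs several times more hash computations, which is exactly what a salt buys you, and why sites should also use a deliberately slow hash (bcrypt, scrypt, PBKDF2) rather than plain SHA-1.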