[OIT] The Most Popular Passwords

Jillian Brady jbrady2 at washcoll.edu
Tue Mar 6 15:06:02 EST 2007


The Most Popular Passwords Are...

...the names of family members, sports teams, and pets.


That's the word from the organizers of the Infosecurity Europe 
conference who conducted a sneaky, impromptu man-on-the-street survey at 
the Liverpool Street Station in England, reports Security Pipeline. It 
was sneaky because the pollsters randomly offered people a chocolate 
candy bar if they would give up their password. Fully 71 percent did 
just that. And once they told their password, they revealed lots of 
other information as well.

To whom would you reveal your password?
• When first asked if they would reveal their password, 37 percent did 
it right away.
• For those who wouldn't tell immediately, the pollsters used social 
engineering tactics, suggesting their password was a child's name or a 
pet's name. Once that discussion started, another 34 percent told their 
password and many even explained the origins.
• 53 percent said they would not give their password to a telephone 
caller claiming to be calling from their company's IT department. (Good!)
• Four out of 10 said they knew their colleagues' passwords.
• 55 percent said they'd give their password to their boss.

How many passwords do you have?
• Two thirds of workers use the same password for work and personal use, 
such as banking and online access.
• Workers used an average of four passwords, although one systems 
administrator used 40 passwords, which he stored on a program he wrote 
himself to keep them secure.

How often do you change your password?
• 51 percent of passwords were changed on a monthly basis, 3 percent 
changed passwords weekly, 2 percent daily, 10 percent quarterly, 13 
percent rarely, and 20 percent never.
• Workers who regularly had to change their passwords said they kept 
them on a piece of paper in their drawers, or stored in Word documents so 
they wouldn't forget them.

The most common password of all? ADMIN

Last year, when this same survey was conducted, the most common password 
was PASSWORD. The change likely occurred because a lot of new equipment, 
including some PDAs and all Linksys, D-Link, and Netgear broadband and 
Wi-Fi routers, is now shipped with a default password of ADMIN.

One interviewee said, "I am the CEO, I will not give you my password - 
it could compromise my company's information".

A good start, but then the company boss blew it. He later said that his 
password was his daughter's name.

"What is your daughter's name?" the interviewer cheekily asked.

He replied without thinking: "Tasmin".





-- 

Jillian Brady

Washington College

Office of Information Technologies

Technical Consultant

410-778-7271


