
How good are our passwords?

Wired News (which I read assiduously) recently ran a piece in its "Security Matters" section on an analysis of MySpace account passwords ("MySpace Passwords Aren't So Dumb"). It is worth reading in full, so check it out. While you are at it, check whether your own password appears on its list of "most common passwords". Particularly interesting to me was the following statement:

Another password study in November looked at 200 corporate employee passwords: 20 percent letters only, 78 percent alphanumeric, 2.1 percent with non-alphanumeric characters, and a 7.8-character average length. Better than 15 years ago, but not as good as MySpace users. Kids really are the future.

Makes you think, doesn't it? Why are corporate passwords weaker than the ones teens use to protect their MySpace accounts? Does it point to the perceived value of these accounts to their owners, a lack of a sense of ownership, or the same old issue of "too many passwords"?
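To make the numbers in that quote concrete, here is a small audit script that buckets a password list the way the study reports it (letters only, alphanumeric, non-alphanumeric), computes the average length, flags anything on a "most common passwords" list, and adds a naive brute-force keyspace estimate. This is an added example, not code from the original post or from either study; the password list and the common-password list are constructed stand-ins, and the "digits only" bucket and the keyspace estimate are my own additions beyond the study's three categories.

```python
"""Password-composition audit in the style of the studies quoted above.

Added example, not from the original post. SAMPLE_PASSWORDS is constructed
for illustration (not real user data) and COMMON_PASSWORDS is a hypothetical
stand-in for a published "most common passwords" list.
"""
from collections import Counter
import math
import string

# Constructed sample; chosen so the average length works out to 7.8 like the study.
SAMPLE_PASSWORDS = [
    "password", "letmein", "Summer07", "abc123", "qwerty",
    "Tr0ub4dor&3", "monkey", "oracle", "J0hn.Flack!", "football1",
]

# Hypothetical stand-in for the "most common passwords" list; compared case-insensitively.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "monkey", "abc123"}


def classify(pw):
    """Return the composition bucket used by the quoted study.

    Any non-alphanumeric character wins; then letters+digits; then letters only.
    "digits only" is an extra bucket the study did not report separately.
    """
    has_alpha = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_other = any(not c.isalnum() for c in pw)
    if has_other:
        return "non-alphanumeric"
    if has_alpha and has_digit:
        return "alphanumeric"
    if has_alpha:
        return "letters only"
    return "digits only"


def keyspace_bits(pw):
    """Naive brute-force strength: log2(pool ** len), pool = classes actually used.

    This overstates strength for dictionary words ("password" scores like any
    8 lowercase letters); it is a keyspace bound, not a guessability estimate.
    """
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    return len(pw) * math.log2(pool) if pool else 0.0


def audit(passwords, common=COMMON_PASSWORDS):
    """Summarise a password list the way the quoted study reports its figures."""
    n = len(passwords)
    buckets = Counter(classify(pw) for pw in passwords)
    return {
        "count": n,
        "avg_length": sum(len(pw) for pw in passwords) / n,
        "percent": {k: round(100.0 * v / n, 1) for k, v in buckets.items()},
        "in_common_list": sorted(pw for pw in passwords if pw.lower() in common),
        "weakest": min(passwords, key=keyspace_bits),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_PASSWORDS)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The keyspace figure is deliberately crude: it is the same "character classes times length" arithmetic behind most corporate complexity policies, and it shows why those policies are a weak proxy for strength, since "password" scores as well as any other eight lowercase letters while the common-list check catches it immediately.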

It would be interesting to see if there is a similar study on the complexity of SSO passwords. Let me know if you happen to come across one.

Comments (2)

I think a 7.8-character alphanumeric password is a pretty good average score for the corporate environment, actually -- considering there are typically lots of different systems, each imposing its own policies but also its own restrictions.

Many traditional apps (as well as more than a few "modern" web apps) cannot handle non-alphanumeric characters, for instance, or have length restrictions.

John Flack:

I think you hit the nail on the head - the difference between MySpace and corporate accounts is "too many passwords". Teens have a MySpace account, one or two e-mail accounts, and maybe one or two other web accounts requiring passwords. Most of my users have at least two e-mail accounts, several database accounts, maybe one account on a server, plus several web accounts. Fortunately for us, our corporate LAN and e-mail use the same passwords, as do most SQL Server accounts. For us IT folks it is far worse - I need passwords to the "oracle" account, and sometimes the "root" account on six servers, plus passwords to SYS and SYSTEM on my Oracle databases, plus passwords to some other schemas.


About

Nishant Kaushik

An exploration of the world of Identity Management with me, Nishant Kaushik, architect for IdM products at Oracle. More...


About This Entry

This page contains a single entry from the blog posted on December 15, 2006 11:25 AM.

The previous post in this blog was Postcard from the Gartner IAM Summit.

The next post in this blog is The Gartner Summit was a Good Primer on IAM.

