Tuesday, June 7, 2011

Security Update for Villains: Sony and Gawker Hacks


While it's pretty awful that a million Sony users' passwords and 0.25 million Gawker passwords were published online, it has made for an interesting comparative analysis of the weaknesses in password protection, a subject near and dear to many security researchers' hearts.
Troy Hunt has published one such analysis, and it's a fascinating read, full of real, verifiable stats about the problems users have managing their passwords (for example, 67% of users with accounts on both Sony and Gawker used the same password for both).
In short, half of the passwords had only one character type, and nine out of ten of those were all lowercase. But the really startling bit is the use of non-alphanumeric characters: yep, less than 1% of passwords contained a non-alphanumeric character. Interestingly, this also reconciles with the analysis done on the Gawker database a little while back.
A brief Sony password analysis (via Some Bits)


Shameless Screen Grab Courtesy of Boing Boing  

The article at the link at the bottom is fascinating, but, as even the author points out, the user-side findings were to be expected. That both Sony and Gawker kept files with passwords in plain text was not. Good practices for your own security are, as you can guess: a unique password for each system, built from length and a mix of numbers, letters and symbols; change your passwords regularly and don't share them; and if you store them in a file, make sure the file itself is encrypted and password protected.
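The numbers quoted above (single-character-type share, lowercase-only share, non-alphanumeric share, and reuse across the two sites) are easy to compute over any password list. As an added example that is not code from this post or from Troy Hunt's analysis, here is a Python script that does so over a small constructed sample standing in for the leaked lists:

```python
import string

# Constructed sample data standing in for the leaked Sony and Gawker lists
# (email -> password); the real dumps are not reproduced here.
SONY = {
    "alice@example.com": "password",
    "bob@example.com": "Sunshine1",
    "carol@example.com": "123456",
    "dave@example.com": "Tr0ub4dor&3",
    "erin@example.com": "qwerty",
    "frank@example.com": "letmein",
}
GAWKER = {
    "alice@example.com": "password",
    "bob@example.com": "Sunshine1",
    "carol@example.com": "654321",
    "dave@example.com": "correct horse",
    "grace@example.com": "ILOVEYOU",
}

# Character classes used for the composition analysis; a space counts as a symbol.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}

def char_classes(pw):
    """Return the set of character classes present in a password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in pw)}

def composition_stats(passwords):
    """Share of single-class passwords, the all-lowercase share among those,
    and the share containing at least one non-alphanumeric character."""
    classes = [char_classes(p) for p in passwords]
    single = [c for c in classes if len(c) == 1]
    lower_only = sum(1 for c in single if c == {"lower"})
    return {
        "single_class": len(single) / len(classes),
        "single_class_lowercase": lower_only / len(single) if single else 0.0,
        "has_symbol": sum(1 for c in classes if "symbol" in c) / len(classes),
    }

def reuse_rate(site_a, site_b):
    """Among accounts present on both sites, the fraction reusing one password."""
    shared = set(site_a) & set(site_b)
    same = sum(1 for u in shared if site_a[u] == site_b[u])
    return same / len(shared) if shared else 0.0

if __name__ == "__main__":
    print("Sony:", composition_stats(list(SONY.values())))
    print("Gawker:", composition_stats(list(GAWKER.values())))
    print("Reuse across both sites:", reuse_rate(SONY, GAWKER))
```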

2 comments:

  1. A couple of notes from that link at the bottom, and a link or two from there:

    Password tool "1Password";
    http://agilebits.com/products/1Password

    With Download and review at CNet;
    http://download.cnet.com/1Password/3000-18501_4-95581.html?tag=contentMain;contentBody;1d#editorsreview

    If you're even a little bit curious about password security, bounce to that link at the end of the Article "A brief Sony Password analysis" - it's very good. And of course, by "good", One means "Evil".

    -Lord Malignance

  2. Anyone interested to see if their email was 'hacked' might be interested in this:
    http://www.internetsecuritydb.com/2011/06/free-online-tool-to-find-out-if-your.html
