You arrived here at 14:25 Helsinki time Saturday 23.8.2014





The password is the mirror of the soul - more's the pity

The password is the mirror of the soul - more's the pity
 print this
By Ritva Liisa Snellman
      Tell me the password you use for your email account, and I'll tell you what sort of person you are.
      Paaarp! Error, error...
      First mistake of the criminally stupid.
      Second fatal error - never use the name of your dog and the date when he died as the basis for your password.
      And the third mistake you make will be if you don't regularly change your password.
      In these days of daily breaking & entering stories about data thefts, everyone has cause to shake the bag, and sharpish.
      But back to the character analysis - it is clear you are a family-oriented sort of individual.
      Does that help?
Passwords have become the Rorsach inkblot test of the 21st century.
      They tell us something of the subconscious of the user, as the character-string that is typed into the little window is usually something that springs from the inner recesses of the mind and that is sufficiently memorable that...well... that we remember it.
      The family-oriented password-user picks as the string to access his or her webmail account the name of either a child, a pet, or some other person close to him or her, plus some numbers (usually a year) that mean something in this context.
      According to one recent British study, as many as one in two net-users fall into this category.
      One in three are fans, who use the names of individuals, TV-characters, or sports clubs they admire.
      One in ten are members of the naughty brigade, taking as their password something associated with sex, swear-words, or potty humour.
      Only around ten per cent fall into the category of cryptics, who do it by the book and form whatever passwords they have from strings of apparently meaningless characters, letters, and numbers.
We have come to learn more and more about the seemingly endless love for the easy way out among net-users as the number of black-hat and white-hat hacking and cracking incidents has grown and they have spread to different countries.
      In 2009, an unknown hacker broke into the computer systems of the American social game developers and software house RockYou.
      The data breach resulted in the exposure of over 32 million user-accounts all over the world.
      It was bad enough that the company itself was sloppy in allowing such a burglar past its internal security, but worse was to come: when the hacker published the passwords in his or her possession later (just the passwords, mind you), the American data security firm Interva, which makes software for blocking hackers, ran an in-depth analysis of the thirty-two million character-strings that had been made public.
The results, later featured in a New York Times article, made excruciating, depressing reading.
      Could people really be that dim?
      One in three passwords - that's ten million or so - were too short to start with: six characters or less.
      People who think of themselves as original and smart become unimaginative vegetables when they touch a keyboard, it seems.
      According to Amichai Shulman, the chief technology officer at Imperva, some 20% - six million people - had "thought up" a password that came from the same small pool of 5,000 common passwords.
      Every second password was a name, a slang-word, a word that can be found from the dictionary, or an easy character-string from the QWERTY keyboard.
      Yes, "QWERTY" itself (basically the preserve of the dumbest of the dumb) was snuggled at the bottom end of the Top 20, at No. 20.
Evolution has not been very efficient. Back in the 1990s, during the leather-helmeted early days of the Internet, the most popular password string of all was "12345".
      Now it was only the second most popular choice according to Imperva's study, behind the hugely cryptic "123456", and just ahead of the fiendishly difficult "123456789".
      Two other "123..." combinations graced the Top 10, and the marginally more sophisticated "654321" was in at No. 19.
      And this was in 2009...
Knowledge of Finnish password popularity was gleaned in 2007, when hackers broke into a few entertainment and hobbies portals popular with young people.
      The results did not exactly square with the vision of Finnish youngsters as stars of the PISA education programme.
      The most common password was salasana.
      Yes, you guessed it: salasana is the Finnish word for "password".
      Aside from this local delicacy, most of the other choices meshed in very well with the international norms, if one sets aside the extreme frequency of swear-words in the Finnish experience.
Shameful though it may be to admit it, the Swedes next door seem to be a tiny bit more original in this department, although the line is wafer-thin.
      After the break-in on the Gratisbio.se site in the summer of this year, nearly half a million passwords were leaked into the public domain.
      Top of the pile was our old friend the number sequence, followed by hejhej and hejsan [perversely terms for saying "goodbye" rather than "hello" when logging on].
      However, standing proudly at No.6 was bajskorv, which basically means "turd" or "sh*tburger", and others in the Top 20 included the simple bajs [see earlier], mamma, and dinmamma, where din means "your".
In the wake of the recent data burglaries, the authorities have exhorted Finns to change their passwords for critical services and to make them more difficult to decipher.
      In this respect, anyone who falls into the family-oriented category and feels a pressing need to recall the fate of their late four-legged friend would do well to exercise their brain-cells a bit to come up with something more like this:
      "My dog Tessu went to Doggy Heaven 12 years ago".
      MdTwtDH12ya - now there's a cryptic's password for you, though it is still too short to be really strong.
Helsingin Sanomat / First published in print 20.11.2011

Previously in HS International Edition:
  Finns urged to change online passwords after thousands leaked (14.11.2011)
  Data leak – Anonymous hackers disown claim of responsibility made in their name (8.11.2011)
  Personal information of 16,000 people put on internet in Finland´s largest ever data leak (7.11.2011)
  Leaked list of passwords already put to nefarious use (16.10.2007)

  Password (Wikipedia)
  New York Times, 20.1.2010: If Your Password Is 123456, Just Make It HackMe

RITVA LIISA SNELLMAN / Helsingin Sanomat

  22.11.2011 - THIS WEEK
 The password is the mirror of the soul - more's the pity

Back to Top ^