To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,39123066,00.htm

Is your cat a target for password-stealing hackers?
'Easy to guess' names are UK's favourite passwords…

By Andy McCue

Published: Wednesday 11 August 2004

Despite increased awareness about the need for secure passwords, internet users are still leaving themselves vulnerable to hackers by choosing easy to guess subjects such as their cat or partner's name.

Over three-quarters choose passwords relating to friends, family and memorable dates, according to research into 1,000 internet users by Visa Europe.

The favourites are nicknames (21 per cent), birthdays and anniversaries (15 per cent), pet names (15 per cent), family members' names (14 per cent) and memorable dates such as the Battle of Hastings and England's World Cup victory (seven per cent). Thankfully very few people (two per cent) use 'password' as their password

All of those are details that basic social engineering techniques would uncover relatively quickly. To make matters worse a third of respondents said they use the same password for all their log-ins, while a quarter using it nearly all or most of the time.

But the message about choosing hard to guess passwords does seem to be getting through to some people with 22 per cent opting for random letters. And it's the silver surfers who are leading the way with almost a third of over-60s using random letters and numbers, compared to the under-30s who prefer nicknames.

Hugo Bottelier, VP at Visa Europe, said in a statement: "It is not surprising that loved ones and pet names top the most popular list as often people struggle to remember random characters or designated log-in codes and opt to choose their own. Of course, it is important that our passwords are personal and meaningful to us, but also that they are difficult to decipher and not easily guessed.”

Visa's tips on choosing secure passwords include to avoid using words that appear in the dictionary, which can be cracked by hacker tools; try not to use any personal information as it can be inferred or guessed; don't write it down and leave it by your credit card or PC; and try to use random letters, numbers and punctuation.

In a separate announcement, the UK's Chip and PIN organisaton has started a campaign to help people memorise their PINs. With chip and PIN, credit and debit card holders will need to remember their four-digit PIN - the same number they would use to withdraw money at a cash machine - to verify purchases at the point-of-sale.

A guide with tips and memory tricks such as linking numbers with memorable images is available from the chip and PIN website.

More than 41 per cent of UK cardholders had been issued with a chip and PIN card by the end of May 2004 and major retailers including Dixons, Wilkinsons, Asda and Tesco are currently making the upgrade in stores across the country.