Yahoo security breach shows terrible password decisions

Jul 12, 2012

While it's true that Yahoo's recent security breach, in which a group of hackers used an SQL injection attack to walk off with 450,000 Yahoo Contributor Network passwords, could have been prevented with better security on Yahoo's part (the company stored the passwords in plain text), it's also forcing us to come to a rather shocking realization. Apparently, people are still making very dumb decisions when it comes to choosing a password. We should all know by now that the strongest passwords are ones that include a combination of upper and lowercase letters, numbers, and symbols, but it seems no one told that to a number of Yahoo users.

According to CNET, 2,200 of the stolen passwords were simply "123456" while another 780 were - you guessed it - "password." Okay, so maybe 2,980 miserable passwords out of a pool of 450,000 isn't all that much, but still, there really shouldn't be anyone using "123456" or "password" as the most important part of their login credentials in this day and age. When it comes down to it, we're not sure if we should laugh at the silliness of all of this or cry because of how depressing it is.

Part of the problem here is that Yahoo did not require stronger passwords for the Yahoo Contributor Network, instead accepting any password the end user wanted to roll with. CNET says that Yahoo requires stronger passwords for most of its other sites, so why it didn't implement the same policy on the Yahoo Contributor Network is beyond us. This just goes to show that some people prefer convenience over security (at least when it comes to picking a password), so maybe it's time to finally implement a stronger password policy and force people to pick one that isn't so obvious?
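The three fixes this story points to (a password policy at sign-up, no plain-text storage, and parameterized queries instead of injectable SQL), shown together as an added Python example that is not code from Yahoo or CNET. The length minimum, the denylist entries beyond the two passwords cited above, the table layout, and the PBKDF2 settings are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed denylist; the first two entries are the passwords cited in the article.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein"}
MIN_LENGTH = 10        # assumed minimum length
ITERATIONS = 600_000   # assumed PBKDF2 work factor


def policy_errors(password):
    """Return the policy rules the password breaks (empty list means accepted)."""
    errors = []
    if password.lower() in COMMON_PASSWORDS:
        errors.append("on the common-password denylist")
    if len(password) < MIN_LENGTH:
        errors.append(f"shorter than {MIN_LENGTH} characters")
    checks = [("an uppercase letter", str.isupper), ("a lowercase letter", str.islower),
              ("a digit", str.isdigit), ("a symbol", lambda c: not c.isalnum())]
    for label, test in checks:
        if not any(test(c) for c in password):
            errors.append(f"missing {label}")
    return errors


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, digest BLOB)")
    return db


def register(db, username, password):
    """Reject weak passwords; store a per-user salt and hash, never the password."""
    errors = policy_errors(password)
    if errors:
        return errors
    salt = os.urandom(16)
    # "?" placeholders keep user input out of the SQL text, so it cannot alter the query.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (username, salt, hash_password(password, salt)))
    return []


def verify(db, username, password):
    row = db.execute("SELECT salt, digest FROM users WHERE name = ?", (username,)).fetchone()
    return row is not None and hmac.compare_digest(hash_password(password, row[0]), row[1])
```

With this layout, a dump of the `users` table yields salts and slow hashes rather than 450,000 readable passwords.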

[via CNET]

