8744675

join:2000-10-10
Decatur, GA
reply to NetWatchMan

Re: Stupid User Tricks: Password Selection - "WORD1"

Somewhere I heard that the most commonly used password is 'password', and I believe it.

A few years ago I accidentally accessed someone else's Verizon account on their website. I don't go there often and forgot my login info, so tried the one I normally used, and then clicked the "Forgot Your Password Link" to go through the validation steps to have them e-mail it.

The security question was "What is your favorite color?". That is about 6 possible colors to guess at for 90% of the population. I entered 'Blue' and it took me right to a screen to enter a new password. After that it took me right to the account, but when I went to check my bill it was somebody else's account! Name, address, and a place to hold credit card number for billing. I found the person's e-mail address and e-mailed the person to tell them what happened since I changed their password.

I also e-mailed Verizon with all the details and pointed out their poor security, and they never ever replied.

I went back to the login screen and started trying common words for a user name to see how many I hit that used the favorite color question. Just about any word I entered was a valid user name, especially Verizon1, Verizon2 and it would only take a few guesses to access the account.



RARPSL

join:1999-12-08
Suffern, NY

said by 8744675:

Somewhere I heard that the most commonly used password is 'password', and I believe it.
There are two reasons. First, it is easy to remember for those who use it. Second, and I think an even more important reason - the user is not that sophisticated/computer-literate and when the computer asks for the password (by saying "Enter Password"), the user thinks it is telling him/her to enter "PASSWORD" so they do.