- A program called LC4 (formerly L0phtCrack) used by governments and the military boasts being able to crack 90% of user passwords in under 48 hours on a Pentium II/300. Additionally, it claims that it can crack 18% of the passwords in under 10 minutes (source: SpiesOnline.net 09/2006)
- In the UK a worrying 3.7% use the password "123" (source: Pixelapes.com 05/2008)
- 1 in 700 people choose 'qwerty' as their password (source: Modernlifeisrubbish.co.uk 08/2007)
- Distributed.net's Project Bovine RC5-64, one of the fastest computers on earth, recently reached a speed of 76.1 billion passwords per second! (source: Lockdown.co.uk 01/2007)
- By default, the Mozilla Firefox browser lists your stored passwords in plain text to anyone with access to your browser through the tools > options > security > Saved passwords > Show All. This includes a feature to search through your saved password information as well... You can opt to have these protected by a 'Master Password' but by default and without this, Firefox will display them all at a click of a button. (source: n/a 08/2008)
- Password recovery tools for the majority of popular programs we use today are free to download and use. This includes but is not limited to: recovering all passwords stored in Internet Explorer or Firefox; most messaging programs with auto-login features; account usernames and passwords from the majority of webmail and email programs; passwords in remote desktop sessions; and any wifi keys used in your wireless connections. All the software can run off a USB key needing only a few seconds to connect to your computer and to automatically download all the passwords. (source: NirSoft Recovery Tools 01/2008)
- 4 main techniques used in getting your password: Steal It (by looking over someone's shoulder), Guess It, Brute Force (=try every combination), Dictionary Attack (=try every combination starting with words that exist). (source: Lockdown: Choosing a good password)
And some more which have become more popular in recent years:
- There are loads of nightmare stories by security companies but one of my favourites is when the company hired to hack the client’s network simply drops loads of free nice USB flash drives in the parking lot. Employees pick them up and plug them into their machines at work, which then send the details over the internet. Apparently this has a 9 in 10 chance of working. Possibly the most notable case in 2008 was the US Pentagon.
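
To see how the guessing, dictionary and brute-force techniques listed above bear on a password you are about to choose, here is a small audit function. It is an added example, not code from any of the sources cited on this page. The guess rate is the 76.1 billion per second figure quoted above; the word lists are constructed samples and the one-year threshold is an assumption.

```python
import string

# Guess rate quoted on this page for distributed.net's RC5-64 effort.
GUESSES_PER_SECOND = 76.1e9

# Constructed sample lists (assumption); a real audit would load far larger ones.
COMMON_PASSWORDS = {"123", "qwerty", "password", "letmein"}
DICTIONARY_WORDS = {"dragon", "monkey", "sunshine", "football"}

CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)
ONE_YEAR = 365 * 24 * 3600  # assumed cut-off for "too fast to brute force"


def alphabet_size(password):
    """Sum the sizes of the ASCII pools (lower, upper, digit, punctuation) in use.

    Characters outside these four pools are not counted.
    """
    size = sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))
    return size or 1


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of length 1..len(password)."""
    n = alphabet_size(password)
    keyspace = sum(n ** k for k in range(1, len(password) + 1))
    return keyspace / rate


def audit(password):
    """Return (verdict, worst-case brute-force seconds)."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return "guessable", 0.0
    # Strip trailing digits so "Dragon1" still counts as a dictionary word.
    if lowered.rstrip(string.digits) in DICTIONARY_WORDS:
        return "dictionary", 0.0
    seconds = brute_force_seconds(password)
    return ("brute-forceable" if seconds < ONE_YEAR else "ok"), seconds


if __name__ == "__main__":
    for pw in ("123", "qwerty", "Dragon1", "k3#Tq", "correct-horse-battery"):
        verdict, secs = audit(pw)
        print(f"{pw!r:26} {verdict:16} {secs:.3g} s")
```

A five-character password drawn from all four pools falls in about a tenth of a second at that rate, which is why length matters more than symbol variety.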