Tuesday, 10 February 2015

Researcher Publishes File With 10 Million Passwords

A researcher has published a file of 10 million passwords and usernames in order to improve the security of passwords. According to researcher and security consultant Mark Burnett gives his "carefully selected" dataset insight into user behavior.

Yet he hesitated to make the file public. Following the sentencing of Barrett Brown, the self-proclaimed spokesman for Anonymous. He received a sentence of 15 months because of the link to a file with stolen data. It was here that stolen data was already public. In his own case Burrnett fear not to be arrested. Indeed, he has no intention to commit fraud or facilitate unauthorized access to systems.

Therefore, he has removed as much as possible identifying information, including the domain of the e-mail addresses. In addition to the variety of data sets and the data will not be traced back to one company. Also keywords like company names removed, leading to the possible source of a data breach may indicate. The same applies to information that can be traced back to an individual. The now published passwords, which were collected over a period of 15 years, according to the researcher also mostly "dead passwords".

Yet he publishes them because this is a topic largely ignored and understanding password use can offer. Most researchers, however, would be afraid to publish passwords and usernames together because the two are an authentication feature together, making them a potential threat to be prosecuted. Furthermore Burnett has been download includes a disclaimer, which is necessary for it.

No comments:

Post a Comment