Users' Perceptions of Password Security Don't Always Match Reality
People's perceptions of password strength may not always match reality, says a recent study by CyLab, Carnegie Mellon's Security and Privacy Institute.
For example, study participants expected ieatkale88 to be roughly as secure as iloveyou88; one said "both are a combination of dictionary words and are appended by numbers." However, when researchers used a model to predict the number of guesses an attacker would need to crack each password, ieatkale88 would require four billion times more guesses to crack because the string "iloveyou" is one of the most common in passwords.