Passwords have been around in one form or another for a considerable amount of time. Using a form of challenge and response has been a way of verifying an individual far before computers even existed. The exact birth of the password is unknown, however, some sources say it was likely to be the Massachusetts Institute of Technology in the mid-1960s.
The price of a password
Even though due to countless breaches, the value of passwords is still sizable. Websites such as Leaked Source have capitalized on this. They are offering a subscription to password databases for prices from 0.76c. In May 2016 an individual claimed to be selling the account records for 167,370,940 million LinkedIn users. The asking price for this was 5 bitcoins or around $2,200 at the time. It is worth noting that there was other information such as user IDs and email addresses as part of this information.
With some basic calculations, we can derive that each of these passwords, was being sold for around $0.00001314445. This being less than a hundredth of a US dollar. A threat researcher, BrianKrebs, stated in June 2013 that iTunes account details could be purchased individually on the ‘Dark Web’ for around $8 with Twitter account details selling for just $2.50 apiece.
The case of Mat Honan
Taking this into account it’s also important to think of the impact that a breached password has on an account. This being with the loss of control of the affected service. The impact of losing access to an account can be financial, social and in some cases can lead to life’s getting ruined.
“In the space of one hour, my entire digital life was destroyed. First, my Google account was taken over, then deleted. Next, my Twitter account was compromised and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”
– Mat Honan
That’s a quote from Mat Honan who is one such individual whose life was ruined after several of his online accounts were breached. This goes to show that a password has a sentimental value far greater than a measly $8. With that in mind, there is a great disparity between how we as a collective create passwords. According to the Huffington Post, the top three passwords of 2016 are still overtly predictable, these being: 123456 123456789 and qwerty. With this in mind, is it possible to guess a password? The answer is, of course, yes. Brute force and dictionary attacks have existed for almost as long as the password itself has.