Ain’t that the truth. Watching various hacker/cracker/mayhem groups posting large amounts of personal data over the last few months it is interesting to note how we humans are at fault. The number of passwords released as a result of the data collected during these “hacks” continues to demonstrate that most people fail to follow any kind of strong password policy either personally or at work.
The most common passwords include ‘password’ and ‘12345678’. Even sysadmins have been caught using simple passwords.
Since removing humans from the equation is next to impossible, researchers have created a test scenario that uses PCs that supposedly behave like human beings in order to expose problematic human behavior that weaken security. The Economist has an article describing the research a group of cybersecurity experts led by Jim Blythe of the University of Southern California are working on currently.