(New Scientist) “Give me letters two, three and six from your password,” is a request Brits who bank online will be very familiar with, as most UK banks use this kind of partial password authentication. The idea is to prevent someone from snooping on your entire password at once, theoretically offering more protection – but now it seems the scheme may not actually work.

David Aspinall of the University of Edinburgh and Mike Just of Glasgow Caledonian University, UK used real-world passwords from a leak in 2009 to see just how easy it is to guess a partial password. Crucially, some passwords are more common than others, and some letters crop up in certain positions more regularly than the rest.

Note: Read our discussion guidelines before commenting.

Leave a Reply