Why single-word passwords don’t work
A recent exploit of a hole in the microblogging website Twitter.com shows that users should never use single-word passwords.
When subscribing to a new web site, you usually think of a word that no one else would think has anything to do with you, reasoning that nobody will ever guess that a goth girl would choose something like “sunshine” as a password. But people who don’t know you can get into your accounts as well.
In early January of 2009, Twitter.com was broken into by someone using a brute-force attack to gain access to the account of an administrator of the site. Until the attack, Twitter allowed users to keep trying passwords on an account. Other sites allow a user three attempts to gain access and then shut the account down for a cool-down period. The brute-force attack used every word in the dictionary until “happiness” worked on the account.
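The three-tries-then-cool-down limit described above, sketched as an added example (not code from Twitter or any real site). The class and function names, the 15-minute cool-down and the short word list are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3        # attempts allowed before lockout, as in the article
COOLDOWN_SECONDS = 900  # assumed value; the article gives no duration
# Constructed sample word list; the last entry is the password from the article.
WORDLIST = ["sunshine", "password", "dragon", "monkey", "happiness"]


class ThrottledLogin:
    """In-memory login check with per-account lockout (hypothetical class)."""

    def __init__(self):
        self._creds = {}         # account -> (salt, PBKDF2 hash)
        self._failures = {}      # account -> consecutive failed attempts
        self._locked_until = {}  # account -> time at which the lockout ends

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, account, password):
        salt = os.urandom(16)
        self._creds[account] = (salt, self._hash(password, salt))

    def attempt(self, account, password, now):
        """Return 'ok', 'denied' or 'locked' for a login attempt at time now."""
        if now < self._locked_until.get(account, 0):
            return "locked"  # refused without checking the password at all
        cred = self._creds.get(account)
        if cred and hmac.compare_digest(self._hash(password, cred[0]), cred[1]):
            self._failures[account] = 0
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= MAX_FAILURES:
            self._locked_until[account] = now + COOLDOWN_SECONDS
            self._failures[account] = 0
        return "denied"


def replay(site, account, guesses, start=0):
    """Submit one guess per simulated second; return each outcome in order."""
    return [site.attempt(account, g, start + i) for i, g in enumerate(guesses)]


if __name__ == "__main__":
    site = ThrottledLogin()
    site.register("admin", "happiness")
    print(replay(site, "admin", WORDLIST))
```

With the limit in place, the fifth guess is refused even though it is the correct password, because the account is still cooling down. A per-account lockout also lets anyone lock out the real owner, so it is usually combined with per-source rate limiting.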