Even the tech professionals who should know better can and do make basic security blunders. That is the lesson – taught twice – by revelations about a professional association for computer engineers.
The Institute of Electrical and Electronics Engineers (IEEE) is the leading professional association of engineers in computing and computer-related fields. Many of the industry standards for computer technology are IEEE standards, a term constantly seen in the technical literature.
But a recent graduate of the University of Copenhagen, Radu Dragusin, came across something decidedly non-standard at the IEEE website. Dragusin, now a teaching assistant at his alma mater, found unprotected passwords and website activity logs of nearly 100,000 IEEE members. This information sat exposed on the site for at least a month before he found and reported it.
Dragusin also analyzed the passwords, from users including engineers at Apple, Google, and presumably other major tech firms. His findings do not connect passwords to individuals, but they are still an eye-opener.
The most common password used by these 99,979 IEEE-member professionals? "123456." "Password" and "admin" also ranked among the eighteen most popular choices.
In fairness to these engineers, they may not have regarded their IEEE website passwords as a critical security issue. Most of us find ourselves needing to create passwords for dozens of online sites. Not all of them need the level of protection that, say, your bank account password needs. But passwords like "123456" are amazingly weak, even as lowest-priority passwords for casual-use websites.
And it is hard to say what is more embarrassing here: that computer professionals are so careless about their own passwords, or that the IEEE was so careless about its members' passwords.