
May 8, 2007

AOL user accidentally discovers password weakness

By George Gardner





Think your AOL password is secure? Not quite. According to The Washington Post, a flaw was recently discovered, by accident, that turns your secure 16-character AOL password into a measly 8 characters. But it's still a password, right? Sure it is, but it is exponentially less secure than, say, the 16-character password that is advertised to AOL members.

The Washington Post was tipped off by a reader who accidentally added extra characters to the end of the password field when signing on to AOL. The system successfully logged him in.

So he tried again, this time adding more characters. Success! It may be no big deal to add characters to your password and still be able to log on to your account, but the problem seems to work the other way around.

Given a 16-character password, you can log on successfully by taking away characters until you reach a minimum of 8. So if a user were to type “techblorgecom” into the password field, the system would truncate it to “techblor”.

But how much less secure is an 8-character password than one with 16? Given all letters (uppercase and lowercase) plus the digits on a keyboard, a 16-character password has 47,672,401,710,000,000,000,000,000,000 more possible combinations than one with 8 characters. Convinced?
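The truncation described above, modeled as an added example (not AOL's code and not part of the original article): a verifier that ignores everything past the eighth character, a full-length verifier for contrast, and a regression check that flags silent truncation in a password verifier. The class and function names are hypothetical, the PBKDF2 hashing is an assumption made only to have something to compare, and the 62-symbol alphabet follows the article's letters-plus-digits count.

```python
import hashlib
import hmac
import os

MAX_LEN = 8  # effective length reported in the article


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class FullLengthVerifier:
    """Every character of the password contributes to the stored digest."""
    limit = None  # no truncation

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.stored = _digest(password[: self.limit], self.salt)

    def check(self, attempt: str) -> bool:
        candidate = _digest(attempt[: self.limit], self.salt)
        return hmac.compare_digest(self.stored, candidate)


class TruncatingVerifier(FullLengthVerifier):
    """Models the reported flaw: input past MAX_LEN characters is ignored."""
    limit = MAX_LEN


def silently_truncates(verifier_cls, password: str = "techblorgecom") -> bool:
    """Regression check: does a longer or shorter variant still log in?"""
    v = verifier_cls(password)
    if not v.check(password):
        raise RuntimeError("verifier rejects the correct password")
    longer = v.check(password + "extra")  # extra trailing characters
    shorter = any(v.check(password[:n]) for n in range(1, len(password)))
    return longer or shorter


def keyspace(length: int, alphabet: int = 62) -> int:
    """Candidate passwords of exactly `length` over a-z, A-Z, 0-9."""
    return alphabet ** length


if __name__ == "__main__":
    for cls in (TruncatingVerifier, FullLengthVerifier):
        print(cls.__name__, "truncates:", silently_truncates(cls))
    print("16 vs 8 chars, extra candidates:", keyspace(16) - keyspace(8))
```

A check like `silently_truncates` belongs in the test suite of any login backend, so that a length limit in a form field, database column or legacy hash routine is caught before users rely on characters that are never compared.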

AOL spokesman Andrew Weinstein only commented to say the company was looking into the matter, and added no further information.
