Sinlung
16 February 2010

How Dumb is Your Password?

Are you doing enough to protect your business by having secure passwords? And do you use different passwords for different accounts, ones that cannot easily be guessed?

Many people use the same password for everything - from their private work accounts, containing a plethora of confidential details, through to their own personal Facebook or social networking account.

Analysis of the 32 million passwords exposed last month in the breach of social media application developer RockYou - whose applications can be used on Facebook and Myspace - provides further proof that consumers routinely use easy-to-guess login credentials.

Sensitive login credentials - stored in plain text - were left exposed because of a SQL injection bug in RockYou's website. RockYou admitted the breach, which applied to user passwords and email addresses for the widgets it developed, and pledged to improve security in order to safeguard against future problems, according to The Register.
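The two defects named above, plaintext storage and string-built SQL, each have a standard fix. The following added example (not RockYou's code, and not from the article) stores only a salted PBKDF2 hash of each password and looks users up with a parameterized query; the iteration count, the `sqlite3` in-memory table and the sample accounts are assumptions for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional, Tuple

# Assumption: iteration count chosen for the example; tune for production hardware.
PBKDF2_ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt is drawn unless one is supplied."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest under the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def create_store() -> sqlite3.Connection:
    """In-memory user table: the password column holds a digest, never the plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB NOT NULL, digest BLOB NOT NULL)")
    return conn


def register(conn: sqlite3.Connection, email: str, password: str) -> None:
    salt, digest = hash_password(password)
    # Placeholders (?) hand the values to the driver; they are never spliced into the SQL text.
    conn.execute("INSERT INTO users (email, salt, digest) VALUES (?, ?, ?)", (email, salt, digest))


def login(conn: sqlite3.Connection, email: str, password: str) -> bool:
    row = conn.execute("SELECT salt, digest FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    return verify_password(password, row[0], row[1])


def stored_digest(conn: sqlite3.Connection, email: str) -> Optional[bytes]:
    row = conn.execute("SELECT digest FROM users WHERE email = ?", (email,)).fetchone()
    return None if row is None else row[0]


def demo() -> dict:
    """Constructed accounts (assumption): one with an apostrophe in the email to show
    that the parameterized query handles quoting without any string escaping."""
    conn = create_store()
    register(conn, "alice@example.com", "correct horse battery staple")
    register(conn, "o'brien@example.com", "Tr0ub4dor3")
    return {
        "good": login(conn, "alice@example.com", "correct horse battery staple"),
        "wrong_password": login(conn, "alice@example.com", "123456"),
        "unknown_user": login(conn, "nobody@example.com", "123456"),
        "quoted_email": login(conn, "o'brien@example.com", "Tr0ub4dor3"),
        "plaintext_in_db": stored_digest(conn, "alice@example.com") == b"correct horse battery staple",
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check:16s} {result}")
```

A leaked table of salted digests still has to be attacked one guess at a time per account, which is what makes the per-second figures quoted later in the article so much worse for plaintext dumps.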

[Infographic: Secure Password]

"Easy to crack"

After the security breach, database security firm Imperva analysed the passwords used, publishing a report entitled Consumer Password Worst Practices.

The data found that the most common passwords were:

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

The analysis revealed that a large number of users had chosen "easy-to-crack" passwords, the most common being "123456", which was chosen by 290,731 users, or almost one percent.

'Nicole' was the 11th most commonly chosen code, followed by 'Daniel' in 12th. Other names appearing in the top 20 passwords include 'Jessica' and 'Michael'.

According to Imperva, 50 percent of the exposed password records used names, slang words, dictionary words or trivial passwords (consecutive digits, adjacent keyboard keys). Analysts believe that if login names and passwords are easy to guess, hackers are more likely to break into accounts using brute-force and dictionary attacks with readily available password-cracking tools. If users reuse the same login credentials for social networking sites and for more sensitive accounts (email, online banking etc.), as they often do, the problem becomes even more critical.

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyber attacks: with only minimal effort, a hacker can gain access to one new account every second - or 1000 accounts every 17 minutes," said Imperva's chief technology officer (CTO) Amichai Shulman in a statement quoted by ITPRO.

Password safety

The key point of the report is that passwords should not be short and simple: make them as strong as possible to protect your data.

Passwords should combine numbers with lowercase and uppercase letters to be secure. Shulman added that users should consider using longer 'pass phrases' to protect their identity online.
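The categories Imperva used (top-list entries, names, dictionary words, consecutive digits, adjacent keys) and the advice just given (mixed character classes, or a longer passphrase) can be turned into a policy check that runs before a password is accepted, and the same check tallies a dump the way a post-breach analysis does. This is an added example written for this page, not Imperva's tool: the word lists are constructed stubs (a real check would load a full leaked-password list and a dictionary), and the minimum lengths and the three-word passphrase rule are assumptions.

```python
from collections import Counter
from typing import List, Tuple

# Constructed lists for the example; the top ten are the ones the article quotes.
TOP_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou",
                 "princess", "rockyou", "1234567", "12345678", "abc123"}
COMMON_NAMES = {"nicole", "daniel", "jessica", "michael"}
DICTIONARY_WORDS = {"dragon", "sunshine", "monkey", "welcome", "football"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 8              # assumption: minimum for a mixed-character password
MIN_PASSPHRASE_LENGTH = 16  # assumption: a long multi-word phrase is accepted instead


def is_sequential_digits(pw: str) -> bool:
    """Consecutive ascending or descending digits, e.g. 12345 or 987654."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    diffs = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return diffs == {1} or diffs == {-1}


def is_keyboard_walk(pw: str) -> bool:
    """Four or more adjacent keys from one keyboard row, in either direction."""
    low = pw.lower()
    if len(low) < 4:
        return False
    return any(low in row or low in row[::-1] for row in KEYBOARD_ROWS)


def has_mixed_classes(pw: str) -> bool:
    """Lowercase, uppercase and digits all present (the article's baseline advice)."""
    return (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw))


def is_passphrase(pw: str) -> bool:
    """Long phrase of at least three space-separated words (assumed rule)."""
    return len(pw) >= MIN_PASSPHRASE_LENGTH and len(pw.split()) >= 3


def classify(pw: str) -> str:
    """Map a password to the first weakness category it falls into, or 'acceptable'."""
    low = pw.lower()
    if low in TOP_PASSWORDS:
        return "top-list"
    if low in COMMON_NAMES:
        return "name"
    if low in DICTIONARY_WORDS:
        return "dictionary"
    if is_sequential_digits(pw):
        return "trivial-sequence"
    if is_keyboard_walk(pw):
        return "keyboard-walk"
    if is_passphrase(pw):
        return "acceptable"
    if len(pw) < MIN_LENGTH:
        return "short"
    if not has_mixed_classes(pw):
        return "weak-charset"
    return "acceptable"


def audit(passwords: List[str]) -> Counter:
    """Count each category over a list, the way a post-breach analysis tallies them."""
    return Counter(classify(pw) for pw in passwords)


def share_of_top_password(passwords: List[str]) -> Tuple[str, float]:
    """Most frequent password and the fraction of accounts using it."""
    pw, n = Counter(passwords).most_common(1)[0]
    return pw, n / len(passwords)


# Constructed sample "dump" for the demonstration; no real credentials.
SAMPLE_DUMP = ["123456", "123456", "123456", "password", "Nicole", "dragon",
               "qwerty", "987654", "abc", "abcdefgh", "Tr0ub4dor3",
               "correct horse battery staple"]

if __name__ == "__main__":
    for category, count in audit(SAMPLE_DUMP).most_common():
        print(f"{category:17s} {count}")
    print(share_of_top_password(SAMPLE_DUMP))
```

Checking the category order matters: a password is reported under the cheapest way to guess it, so "123456" is flagged from the top list even though it is also a digit run and a keyboard row, which is how a cracker would find it first.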

The risks for businesses are significant: if users don't up their security game by protecting their data with strong passwords, they put other people at risk.

via cxo
