Passwords - the good and bad - Geek Guru

A new study has revealed that poor passwords are as much of a problem now as they were in the 1990s, with the majority of users still choosing insecure, easy-to-crack words and combinations. In December 2009 a major breach at the website rockyou.com led to the release of 32 million passwords. Whilst this was a serious security failure for the site's users, and a PR nightmare for the site's owners, it gave security analysts the opportunity to scrutinise a huge set of real-life passwords, the largest such data set analysed up to that point, and the results do not make good reading.

Imperva Study

The study, conducted by the Imperva Application Defense Center, shows that users are still making poor choices when it comes to their passwords, whether through a lack of understanding of the risks or a lack of knowledge about what makes a password good or bad. The research revealed the following:

  • About 30% of users chose passwords of 6 characters or fewer
  • Almost 60% of users chose passwords drawn from a limited alphanumeric set, i.e. letters and digits only, with no symbols
  • Nearly half of all users used names, easily guessable slang or dictionary words, or trivial passwords such as ‘password’ and ‘123456’
  • Other research suggests that most users reuse a single password for all their online accounts

But what does this mean in practice? An attacker does not sit at a keyboard guessing your password by hand; they use automated tools that try a list of common passwords against each account in turn. Because the candidates come from a pre-defined word list, much like a digital dictionary, this is called a dictionary attack (a pure brute-force attack, by contrast, tries every possible combination and is far slower). If you choose an insecure password you are opening your account to a dictionary attack, because the chances are it is already on the list. Imperva's figures suggest that an attacker armed with a dictionary of just the 5,000 most common passwords could have compromised 20% of all the accounts in the breach without any further effort: roughly 6.4 million of the 32 million users were sharing one of those 5,000 passwords.
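To make the dictionary-attack arithmetic concrete, here is an added example (not from the original article, and not Imperva's own tooling) that runs the kind of frequency analysis the study performed over a small constructed sample dump: the share of short passwords, the share with no symbols, and the fraction of accounts a top-n dictionary would compromise. The sample entries are made up for illustration and are not breach data.

```python
"""Added example, not from the original article and not Imperva's own tooling:
the kind of frequency analysis run over the RockYou dump, applied here to a
small CONSTRUCTED sample so it runs offline. None of the entries below are
real breach data."""
from collections import Counter

# Constructed sample dump: one entry per account, so repeated passwords are
# the whole point (each repeat is another account sharing that password).
SAMPLE_DUMP = (
    ["123456"] * 12 + ["password"] * 8 + ["iloveyou"] * 5 + ["princess"] * 4
    + ["rockyou"] * 3 + ["abc123"] * 3 + ["Nicole"] * 2 + ["Daniel"] * 2
    + ["qwerty", "12345", "654321", "monkey", "lovely", "babygirl", "jessica",
       "michael", "sye&s2me", "C8mput3Rs", "H0use&*JellY"]
)


def short_fraction(passwords, max_len=6):
    """Share of accounts whose password is max_len characters or fewer."""
    return sum(1 for p in passwords if len(p) <= max_len) / len(passwords)


def alphanumeric_only_fraction(passwords):
    """Share of accounts whose password contains letters and digits only."""
    return sum(1 for p in passwords if p.isalnum()) / len(passwords)


def top_n_coverage(passwords, n):
    """Share of accounts that fall to a dictionary attack using only the n most
    common passwords in the dump, tried once each against every account.
    This is the 'top 5000 covers 20%' calculation from the Imperva study."""
    counts = Counter(passwords)
    covered = sum(c for _, c in counts.most_common(n))
    return covered / len(passwords)


def dictionary_size_for(passwords, target):
    """Smallest top-n dictionary that covers at least `target` of accounts."""
    counts = Counter(passwords)
    covered = 0
    for n, (_, c) in enumerate(counts.most_common(), start=1):
        covered += c
        if covered / len(passwords) >= target:
            return n
    return len(counts)


def report(passwords):
    """Summary figures in the shape of the study's headline bullets."""
    return {
        "accounts": len(passwords),
        "distinct_passwords": len(set(passwords)),
        "share_6_chars_or_fewer": short_fraction(passwords),
        "share_no_symbols": alphanumeric_only_fraction(passwords),
        "top_5_dictionary_coverage": top_n_coverage(passwords, 5),
        "dictionary_size_for_50pct": dictionary_size_for(passwords, 0.5),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLE_DUMP).items():
        print(f"{key}: {value:.2%}" if isinstance(value, float) else f"{key}: {value}")
```

On the constructed sample, five passwords cover 64% of the fifty accounts and a three-entry dictionary already reaches half of them; on a real dump the top entries cover a smaller share each, but the shape of the curve is the same, which is why a few thousand guesses per account went so far against RockYou.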

Choosing a password

The good news is that choosing a good quality password is easy. Just follow these general steps:

  • Make your passwords at least 8 characters long, and preferably longer (Microsoft recommends 14 characters)
  • Mix lower case letters, upper case letters, numbers and symbols
  • Avoid whole words and anything easy to guess, such as names or significant dates
  • Use a separate password for each account, so that a breach of one account is not a disaster for all of them

If you’re still finding it difficult to come up with something, try these easy password-generating ideas:

  • Use the first letter of each word from a line in a book, song, or poem. For example: “Shut your eyes and sing to me” might produce “sye&s2me”
  • Try replacing letters with numbers and add a couple of capital letters for good measure. For example: “computers” might produce “C8mput3Rs”
  • Join two words or dates together with some symbols. For example: “H0use&*JellY”

Bear in mind that password-cracking tools apply exactly these letter-to-number substitutions and word-joining rules to their word lists, so the second and third methods add only a little strength on top of a recognisable base word. The first method, which leaves no whole word in the password, is the strongest of the three, and in every case longer is better.
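As an added example that is not the article's own tool (nor the Microsoft checker it mentions), the script below applies the rules above locally: minimum and recommended length, the four character classes, a common-password list, and a dictionary-word check that first undoes the usual letter-to-digit substitutions, which is what a cracking rule set does before comparing candidates. The common-password and dictionary lists here are constructed stand-ins for the large lists a real deployment would load; the character-class and substitution handling are this example's own choices, not something the article specifies.

```python
"""Added example, not the article's own tool and not Microsoft's checker: a
local check that applies the article's password rules. COMMON_PASSWORDS and
DICTIONARY_WORDS are CONSTRUCTED stand-ins; a real deployment would load a
breached-password list and a full wordlist instead."""
import string

MIN_LENGTH = 8
RECOMMENDED_LENGTH = 14  # the Microsoft figure quoted in the article

# Constructed stand-ins for the real lists (see module docstring).
COMMON_PASSWORDS = {"password", "123456", "12345", "qwerty", "iloveyou", "abc123"}
DICTIONARY_WORDS = {"computers", "house", "jelly", "shut", "your", "eyes", "sing"}

# Substitutions a cracking rule set undoes when it "un-leets" a candidate.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "8": "b", "@": "a", "$": "s", "!": "i"})


def character_classes(pw):
    """Which of the four classes the article asks for are present."""
    return {
        "lower": any(c.islower() for c in pw),
        "upper": any(c.isupper() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "symbol": any(c in string.punctuation for c in pw),
    }


def unleet(pw):
    """Lower-case the password and undo common digit/symbol-for-letter swaps."""
    return pw.lower().translate(LEET_MAP)


def embedded_words(pw, words=DICTIONARY_WORDS, min_len=4):
    """Dictionary words hiding inside the un-leeted password, symbols ignored.
    This is how 'H0use&*JellY' is reduced back to 'house' and 'jelly'."""
    letters = "".join(c for c in unleet(pw) if c.isalpha())
    return sorted(w for w in words if len(w) >= min_len and w in letters)


def check_password(pw):
    """Apply the article's rules. 'problems' fail the check; 'advice' does not."""
    problems, advice = [], []
    if len(pw) < MIN_LENGTH:
        problems.append(f"only {len(pw)} characters; minimum is {MIN_LENGTH}")
    elif len(pw) < RECOMMENDED_LENGTH:
        advice.append(f"{len(pw)} characters; {RECOMMENDED_LENGTH} or more recommended")
    missing = [name for name, present in character_classes(pw).items() if not present]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    if pw.lower() in COMMON_PASSWORDS or unleet(pw) in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    words = embedded_words(pw)
    if words:
        problems.append("built from dictionary words: " + ", ".join(words))
    return {"ok": not problems, "problems": problems, "advice": advice}


if __name__ == "__main__":
    # The article's own examples plus one that satisfies every rule.
    for candidate in ["password", "sye&s2me", "C8mput3Rs", "H0use&*JellY",
                      "yS&e2s.mE-vQ7xT"]:
        result = check_password(candidate)
        print(candidate, "OK" if result["ok"] else "WEAK",
              result["problems"], result["advice"])
```

Run against the article's own examples, the check shows why the caveats matter: “H0use&*JellY” has every character class and twelve characters, yet after un-leeting it is just two dictionary words joined by symbols, which a rule-based cracker recovers quickly; “sye&s2me” contains no word but lacks an upper-case letter and is short of the recommended length.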

Lastly, if you’re unsure how strong your password is, consider checking it with Microsoft's password checker. Treat any online checker as a way to test a candidate pattern rather than the password you actually use: never type a live password into someone else's web form.

Posted by Tim
This entry was posted in It 4 business, IT Security.