Users are the weakest link in
any security policy. They are fooled into clicking on phishing
links and running malware.
But even to this day, the most crucial
security loophole remains the weak password. Passwords that do
not follow the required security measures can be defined as weak
or easy passwords. The most common examples of weak passwords are
passwords that are too short (vulnerable to brute-force attacks) or that can
be guessed easily (vulnerable to dictionary attacks).
Everybody knows better, but our lousy
memories somehow convince us it is okay to choose a password that will
be easy to remember.
Turns out, your easy-to-remember
password may also be incredibly common–and thus easy for hackers to
guess. According to an annual listing created by password management
security firm SplashData, many people
“continue to put themselves at risk for hacking and identity theft by using weak passwords, easily guessable passwords.”
After analyzing over 2 million passwords scraped from various password dumps, SplashData ranked the top 25 worst offenders, starting with ‘123456,’ and followed closely by ‘password.’
The ridiculous obviousness of many
users’ passwords won’t come as a surprise to most security pros. And
indeed, some sites do try to force users into selecting stronger
passwords, enforcing a minimum length (as evidenced by the third worst
password, ‘12345678’) or requiring that numbers and letters both be
included (enter ‘abc123’ and ‘passw0rd’ in 13th and 24th places
respectively).
The weak passwords list
does suggest that in a few cases, users are actually trying
slightly less obvious-seeming choices while using keyboard patterns as
memory triggers. This wouldn’t be a bad strategy if it weren’t also
entirely too common, with ‘qwerty’ showing up in 4th place, ‘1qazwsx’
(the left two columns on the keyboard) in the 15th spot, and
‘qwertyuiop’ sitting a little lower in 22nd position.
Rounding out the list are a variety of
common words, like football, baseball, princess, and starwars. You can
probably think of a few people in your own social circle who are
likely offenders with those credentials.
Passwords: ‘123456’ and ‘password’ are too short, so some users switch to ‘12345678’
It isn’t just individuals who should be
concerned. Good quality passwords reduce the hackability of websites and
other systems. To assist organizations with buttoning up this common
weakness, the National Institute of Standards and Technology provides
recommendations for developing and enforcing policies for password
length and complexity.
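
An added example (not from SplashData or NIST) of why length and character-class rules alone fail on the passwords named above: the two naive rules accept '12345678', 'abc123' and 'passw0rd', while a screen that adds a blocklist and a keyboard-pattern check rejects them. The blocklist holds only passwords quoted in this article, the US QWERTY layout and the substitution table are assumptions, and the 12-character minimum follows the SplashData suggestion.

```python
# Added example: the blocklist holds only passwords named in this article.
COMMON = {"123456", "password", "12345678", "qwerty", "abc123", "1qazwsx",
          "qwertyuiop", "passw0rd", "football", "baseball", "princess", "starwars"}
# Keyboard rows and left-hand columns of a US QWERTY layout (assumed layout).
_LINES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
          "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
WALKS = _LINES + [s[::-1] for s in _LINES]
# Undo common character substitutions before the blocklist lookup (assumed table).
LEET = str.maketrans("01345@$", "oleasas")


def meets_min_length(pw, n=8):
    """Naive rule 1: minimum length only."""
    return len(pw) >= n


def has_letters_and_digits(pw):
    """Naive rule 2: at least one letter and one digit."""
    return any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)


def is_keyboard_walk(pw, run=4):
    """True if any `run` consecutive characters follow a keyboard row or column."""
    low = pw.lower()
    return any(low[i:i + run] in line
               for i in range(len(low) - run + 1) for line in WALKS)


def screen(pw, min_len=12):
    """Return the reasons to reject a candidate password (empty list = accept)."""
    reasons = []
    if len(pw) < min_len:
        reasons.append("too short")
    low = pw.lower()
    if low in COMMON or low.translate(LEET) in COMMON:
        reasons.append("common password")
    if is_keyboard_walk(pw):
        reasons.append("keyboard pattern")
    return reasons


if __name__ == "__main__":
    for pw in ["12345678", "abc123", "passw0rd", "1qazwsx", "P@ssw0rd",
               "violet-kettle-orbit-94-lamp"]:  # last two are constructed samples
        print(f"{pw!r}: length>=8={meets_min_length(pw)} "
              f"letters+digits={has_letters_and_digits(pw)} reject={screen(pw)}")
```
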
As for individual recommendations, SplashData suggests three simple actions:
- Use passwords or pass-phrases with a minimum of twelve mixed types of characters
- Avoid reusing passwords on different websites
- Consider using a password manager to organize and protect your passwords.
Oh, and don’t worry… when you forget
your new bullet-proof password it can generally be retrieved with a
“super-secure” query for your mother’s maiden name or the city where you
were born. (And yes, we’re being sarcastic, because anybody with a
Facebook account could find those details for many of us in a matter of
minutes.)
I hope you all now understand the real danger of using weak passwords.