The science behind bad passwords

Passwords have to be the biggest security vulnerability in existence today. The strange thing is we know the rules, and we know how to enforce the rules, but nothing happens except for continued data breaches.


If we take a look at many of the big security breaches and the annual studies from Verizon, Trustwave, etc., it’s the same old story every time. New Year – same old bad passwords being compromised.

The password vendor, SplashData, released their “Wrong Passwords” list last year and sure enough, bad passwords were everywhere, AGAIN. In their analysis of 3.3 million leaked passwords, SplashData found the top five worst passwords were…

  - 123456
  - Password
  - 12345
  - 12345678
  - Qwerty

These passwords are not a surprise at all. However, they are not reflective of enterprise domain passwords. That’s okay, because that is not where the real risk lies. What’s really vulnerable is all the other enterprise passwords that are being used and exposed…

  - External Web applications
  - Content management systems
  - Internal Web applications
  - Databases
  - Storage systems
  - Physical security control systems
  - Routers
  - Firewalls
  - Wireless networks
  - Mobile devices

So what exactly can be done to stop people from using bad passwords? It’s simple; people are going to take the path of least resistance. Allow them to set up a weak password and they will! You have to set people up for success by properly setting their expectations with high security standards and policies that are enforced with technology.
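One way to enforce such a standard at the moment a password is set, shown as an added example that is not part of the original article: a check that rejects the five passwords listed above even when they are disguised with capitals, character substitutions or trailing digits, and also rejects short passwords and simple runs. The function names, the 12-character minimum and the substitution table are assumptions chosen for illustration; a production blocklist would be far larger than five entries.

```python
import unicodedata

# The five worst passwords quoted in the article, stored lowercase.
WORST = {"123456", "password", "12345", "12345678", "qwerty"}

# Assumed policy values (not from the article).
MIN_LENGTH = 12
LEET = str.maketrans("013457@$!", "oieastasi")  # 0->o, 1->i, 3->e, 4->a, ...


def _base_forms(password):
    """Yield normalized variants so 'P@ssw0rd!' still matches 'password'."""
    folded = unicodedata.normalize("NFKC", password).casefold()
    stripped = folded.rstrip("0123456789!@#$%^&*.?")  # 'qwerty2024!!' -> 'qwerty'
    yield folded
    yield stripped
    yield folded.translate(LEET)
    yield stripped.translate(LEET)


def _is_run(s):
    """True for one repeated character or a straight ascending/descending run."""
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return len(s) > 1 and steps in ({0}, {1}, {-1})


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if any(form in WORST for form in _base_forms(password)):
        problems.append("common_password")
    if _is_run(password.casefold()):
        problems.append("sequence")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real leak.
    for candidate in ["123456", "P@ssw0rd!", "Qwerty2024!!",
                      "correct horse battery staple"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```
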

So many people (developers, IT admins, security leaders) are afraid of ticking off management or their customers by forcing them to use long and crazy-ridiculous passwords that they can’t possibly remember. Many people responsible for security never take the time to educate their users on just how easy it can be to set a super-strong password that would likely never be guessed or cracked.

There is no magic behind this. Bad passwords are a fundamental people problem that we need to figure out how to get our arms around.




Written By: Christine Romans
CopyWriter at The Computer Guyz Cape Town
