The science behind bad passwords
Passwords have to be the biggest security vulnerability in existence today. The strange thing is we know the rules, and we know how to enforce the rules, but nothing happens except for continued data breaches.
If we take a look at many of the big security breaches and annual studies from Verizon, Trustwave, etc., it’s the same old story every time. New Year – same old bad passwords being compromised.
The password vendor, SplashData, released their “Wrong Passwords” list last year and sure enough, bad passwords were everywhere, AGAIN. In their analysis of 3.3 million leaked passwords, SplashData found the top five worst passwords were…
• 123456
• Password
• 12345
• 12345678
• Qwerty
These passwords are not a surprise at all. However, they are not reflective of enterprise domain passwords. That’s okay, because that is not where the real risk lies. What’s really vulnerable is all the other enterprise passwords that are being used and exposed…
• Content management systems
• Internal Web applications
• Databases
• Storage systems
• Physical security control systems
• Routers
• Firewalls
• Wireless networks
• Mobile devices
So what exactly can be done to stop people from using bad passwords? It’s simple; people are going to take the path of least resistance. Allow them to set up a weak password and they will! You have to set people up for success by properly setting their expectations with high security standards and policies that are enforced with technology.
So many people (developers, IT admins, security leaders) are afraid of ticking off management or their customers by forcing them to use long and crazy-ridiculous passwords that they can’t possibly remember. Many people responsible for security never take the time to educate their users on just how easy it can be to set a super-strong password that would likely never be guessed or cracked.
There is no magic behind this: bad passwords are a fundamental people problem that we need to figure out how to get our arms around.
Written By: Christine Romans
CopyWriter at The Computer Guyz Cape Town