
With only minimal effort, a hacker can gain access to one new user account every second, or 1 000 accounts every 17 minutes, says Amichai Shulman, CTO at data security company Imperva. “Everyone needs to understand what a combination of poor passwords means in today's world of automated cyber attacks,” he adds.
Imperva has released a study analysing 32 million passwords recently exposed in the Rockyou.com breach. The company's Application Defence Centre analysed the strength of the passwords in a report entitled 'Consumer password worst practices'.
The report seeks to help consumers and Web site administrators identify the most commonly used passwords they should avoid when using social networking or e-commerce sites, explains the company.
“The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism,” says Shulman. “Never before has there been such a high volume of real-world passwords to examine.”
The study found that the shortness and simplicity of passwords mean many users select credentials that leave them susceptible to basic forms of cyber attack known as 'brute force attacks'. Nearly 50% of users used names, slang words, dictionary words, or trivial passwords, Imperva explains.
For enterprises, password insecurity can have serious consequences. “Employees using the same passwords on Facebook that they use in the workplace bring the possibility of compromising enterprise systems with insecure passwords, especially if they are using easy-to-crack passwords like '123456',” warns Shulman.
“The problem has changed very little over the past 20 years,” he notes, referring to a 1990 Unix password study that showed a password selection pattern similar to what consumers select today. “It's time for everyone to take password security seriously; it's an important first step in data security,” he concludes.