Simple passwords not enough protection for our increasingly digital world

Tuesday June 4, 2013 at 9:00am

The art of password cracking has advanced further in recent years than it has in the previous decades combined. At the same time, the bad practice of password reuse has increased. According to figures, the average web user has 6.5 passwords, despite maintaining an average of 25 separate accounts. Over 100 million real-world passwords have been leaked over the past year.

These leaks have enabled hackers to build up ever-increasing password tables. They can work out the techniques people employ to protect simple passwords from traditional dictionary attacks. For example, a simple password such as “Super” can be mangled into “Sup3r”. Newer hardware has also contributed to the rise in password cracking. A £1,000 PC (with the right hardware), for instance, could try on average an amazing 8.2 billion password combinations each second, depending on the algorithm used to scramble them. A decade ago, such computation speeds would have required a supercomputer.

Think you have devised a clever password-strengthening technique? Think again. It is probably already known to the bad guys.
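To see why a mangled word such as “Sup3r” offers so little, here is a sketch of the check a sign-up form could run before accepting a password. It is an added example, not code from Drupal or any other site mentioned here; the word list, the substitution table and the function names are constructed for illustration, and the guess rate is the 8.2 billion per second quoted above.

```python
# Added illustration: constructed word list; real checks use large leaked-password lists.
COMMON_WORDS = {"super", "password", "dragon", "letmein", "monkey"}

# Well-known character substitutions, mapped back to the letters they replace.
SUBS = {"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"}
# "1" is ambiguous (i or l), so build one translation table per reading.
TABLES = [str.maketrans({**SUBS, "1": one}) for one in ("i", "l")]
TRAILING = "0123456789!@#$%^&*?._-"  # digits/symbols commonly appended to a word

GUESSES_PER_SECOND = 8.2e9  # figure quoted in the article; varies with the hash algorithm


def base_words(password):
    """Undo case changes, appended digits/symbols and character substitutions."""
    stripped = password.lower().rstrip(TRAILING)
    return {stripped.translate(table) for table in TABLES}


def is_mangled_dictionary_word(password):
    """True if the password reduces to a word on the deny-list."""
    return any(word in COMMON_WORDS for word in base_words(password))


def brute_force_seconds(password):
    """Average time to search the keyspace implied by the character classes used."""
    size = 0
    size += 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += 33 if any(not c.isalnum() for c in password) else 0
    # Cap the length so the result stays within float range for very long inputs.
    return size ** min(len(password), 64) / 2 / GUESSES_PER_SECOND


def assess(password):
    """Return a verdict a sign-up form could act on."""
    if is_mangled_dictionary_word(password):
        return "reject: mangled dictionary word"
    if brute_force_seconds(password) < 86400:
        return "reject: exhaustive search takes under a day"
    return "ok"


if __name__ == "__main__":
    for candidate in ("Sup3r", "P@ssw0rd1!", "vT9#qLm2&xRw8Zp"):  # constructed samples
        print(candidate, "->", assess(candidate))
```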

Data breaches

Drupal, the open CMS (content management system), was hit by a massive data breach, meaning nearly one million account passwords will need to be reset.

They have issued a full report on the breach and are being totally transparent about it. “The Drupal.org Security Team and Infrastructure Team has identified unauthorized access to user information on Drupal.org and groups.drupal.org, which occurred via third-party software installed on the Drupal.org server infrastructure.”

They also issued a statement on how to make passwords more secure, which reflects advice we’ve given in the past:

  • Do not use passwords that are simple words or phrases
  • Never use the same password on multiple sites or services
  • Use different types of characters in your password (uppercase letters, lowercase letters, numbers, and symbols).

Chinese cyber-espionage hackers are back!

According to reports they have gained access to designs for more than a dozen major US weapons systems, and also blueprints for Australia's new spy headquarters.

China has repeatedly denied any espionage claims as groundless.

Two-factor Authentication Updates

The list continues to grow - LinkedIn and Twitter have become the latest web giants to join the optional two-factor verification fray.

The message? Review all your passwords and make them safe - follow the guidance provided by Drupal and in our earlier blog (Tips for creating a strong password).

Marcus Allen
Parker Management Consultants
