WEAK PASSWORDS: How Hackers Exploit This Loophole
Users are the weakest link in any security policy. They are fooled into clicking on phishing links and running malware.
But even to this day, the most crucial security loophole remains the weak password. A password that does not follow the required security measures can be defined as weak or easy. The most common examples are a password that is too short (vulnerable to a brute-force attack) or one that can be guessed easily (vulnerable to a dictionary attack).
Everybody knows better, but our lousy memories somehow convince us it is okay to choose a password that will be easy to remember.
Turns out, your easy-to-remember password may also be incredibly common, and thus easy for hackers to guess. According to an annual listing created by password management security firm SplashData, many people “continue to put themselves at risk for hacking and identity theft by using weak passwords, easily guessable passwords.”
After analyzing over 2 million passwords scraped from various password dumps, SplashData ranked the top 25 worst offenders, starting with ‘123456,’ and followed closely by ‘password.’
The ridiculous obviousness of many users’ passwords won’t come as a surprise to most security pros. And indeed, some sites do try to force users into selecting stronger passwords, enforcing a minimum length (as evidenced by the third worst password, ‘12345678’) or requiring that numbers and letters both be included (enter ‘abc123’ and ‘passw0rd’ in 13th and 24th places respectively).
The weak passwords list does suggest that in a few cases, users are actually trying slightly less obvious-seeming choices, using keyboard patterns as memory triggers. This wouldn’t be a bad strategy if it weren’t also entirely too common, with ‘qwerty’ showing up in 4th place, ‘1qazwsx’ (the left two columns on the keyboard) in the 15th spot, and ‘qwertyuiop’ sitting a little lower in 22nd position.
Rounding out the list are a variety of common words, like football, baseball, princess, and starwars. You can probably think of a few people in your own social circle who are likely offenders with those credentials.
Passwords: ‘123456’ and ‘password’ are too short, so some users switch to ‘12345678’
It isn’t just individuals who should be concerned. Good quality passwords reduce the hackability of websites and other systems. To assist organizations with buttoning up this common weakness, the National Institute of Standards and Technology provides recommendations for developing and enforcing policies for password length and complexity.
As for individual recommendations, SplashData suggests three simple actions:
- Use passwords or pass-phrases with a minimum of twelve mixed types of characters
- Avoid reusing passwords on different websites
- Consider using a password manager to organize and protect your passwords
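The weaknesses described above can be checked at password-creation time. The following Python validator is an added example, not code from the original article or from SplashData; it flags common passwords, keyboard patterns, and anything under twelve characters. Its list holds only the passwords the article names, and the US QWERTY layout, the substitution table and the three-character-class threshold are assumptions.

```python
# Passwords the article names (a subset of SplashData's list, not all 25).
COMMON = {"123456", "password", "12345678", "qwerty", "abc123", "passw0rd",
          "1qazwsx", "qwertyuiop", "football", "baseball", "princess", "starwars"}
# Assumption: US QWERTY. Keyboard rows plus the left-hand columns, top to bottom.
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz", "2wsx", "3edc", "4rfv"]
LANES = WALKS + [w[::-1] for w in WALKS]  # walks typed in either direction
# Assumption: a small table of common character substitutions to undo.
LEET = str.maketrans("0134578@$!", "oleastbasi")
MIN_LENGTH = 12   # the article's recommended minimum
MIN_CLASSES = 3   # assumption: "mixed" means 3 of lower/upper/digit/symbol


def is_keyboard_walk(pw):
    """True when the whole password splits into runs of 3+ adjacent keys."""
    rest = pw.lower()
    while rest:
        # Greedy: take the longest prefix that lies along a single lane.
        n = max((k for k in range(3, len(rest) + 1)
                 if any(rest[:k] in lane for lane in LANES)), default=0)
        if n == 0:
            return False
        rest = rest[n:]
    return bool(pw)


def char_classes(pw):
    """Count how many of the four character classes appear."""
    tests = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def check_password(pw):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    lowered = pw.lower()
    if lowered in COMMON or lowered.translate(LEET) in COMMON:
        problems.append("common")
    if is_keyboard_walk(pw):
        problems.append("keyboard-walk")
    if len(pw) < MIN_LENGTH:
        problems.append("too-short")
    if char_classes(pw) < MIN_CLASSES:
        problems.append("not-mixed")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "passw0rd", "1qazwsx", "qwertyuiop1234"):
        print(candidate, check_password(candidate))
```

The last sample is fourteen characters long and still fails, because a longer keyboard pattern is no harder to guess than a short one.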
Oh, and don’t worry… when you forget your new bullet-proof password, it can generally be retrieved with a “super-secure” query for your mother’s maiden name or the city where you were born. (And yes, we’re being sarcastic, because anybody with a Facebook account could find those details for many of us in a matter of minutes.)
I hope you all now understand the real danger of using weak passwords.