Tag Archive for worst practices

Worst Passwords – 2017

Today is “Safer Internet Day,” which is needed. Despite the spate of well-publicized hacks, attacks, ransoms, and even extortion attempts, millions of people continue to use weak, easily guessable passwords to protect their online information. SplashData, a provider of password management applications, has released its annual Worst Passwords of the Year (NSFW) list. The seventh annual report was compiled from more than five million passwords leaked during 2017.

For the fourth consecutive year, “123456” and “password” held on to the #1 and #2 spots on the SplashData list. Variations of each, either with extra digits on the numerical string or replacing the “o” with a “0” in “password,” make up six of the top 10 most often used passwords. Morgan Slain, CEO of SplashData, warns, “Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.”

Star Wars is popular

Star Wars fans were so excited by the recent premiere of “Star Wars: The Last Jedi” that they moved “starwars” up to #16 on the most frequently used bad passwords list. SplashData’s Slain observed that it is not a good password.

Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use … Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.

Another problem with many of these bad passwords is that they are simply a straight row of characters across the keyboard, making them easy for attackers to guess. Pattern passwords in the bad list include:

  • Password12345
  • 123456
  • 1234567
  • 12345678
  • 123456789
  • qwerty
  • qazwsx
  • 1qaz2wsx

SplashData’s 25 worst passwords of 2017:

1 – 123456
2 – password
3 – 12345678
4 – qwerty
5 – 12345
6 – 123456789
7 – letmein
8 – 1234567
9 – football
10 – iloveyou
11 – admin
12 – welcome
13 – monkey
14 – login
15 – abc123
16 – starwars
17 – 123123
18 – dragon
19 – passw0rd
20 – master
21 – hello
22 – freedom
23 – whatever
24 – qazwsx
25 – trustno1

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.
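The tweaks and keyboard patterns described above can be rejected when a user sets a password. The following is an added example, not SplashData's code: it checks a candidate against the 25 listed passwords, against trailing-digit and look-alike-character variants of them, and against keyboard walks. The look-alike table and the walk strings (US QWERTY layout) are assumptions chosen for illustration.

```python
import re

# SplashData's 25 worst passwords of 2017, as listed on this page.
WORST_2017 = (
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
)

# Assumed look-alike substitutions (the page only names "o" -> "0").
LEET = str.maketrans("013457@$!", "oleastasi")

# Map both the raw and the de-substituted form of each entry to the entry.
NORMALIZED = {w.translate(LEET): w for w in WORST_2017}
NORMALIZED.update({w: w for w in WORST_2017})

# Assumed keyboard rows and columns (US QWERTY) plus the alphabet run.
WALKS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz2wsx3edc4rfv", "qazwsxedc", "abcdefghijklmnopqrstuvwxyz")


def weakness(password):
    """Return a short reason if the password is weak, otherwise None."""
    pw = password.lower()
    if pw in WORST_2017:
        return "listed"
    # Undo the two tweaks the page calls out: digits or symbols tacked on
    # the end, and letters swapped for look-alike characters.
    stripped = re.sub(r"[\d\W_]+$", "", pw)
    for cand in (stripped, pw.translate(LEET), stripped.translate(LEET)):
        if cand in NORMALIZED:
            return "variant of " + NORMALIZED[cand]
    # A run along one keyboard row or column, in either direction.
    if len(pw) >= 4 and any(pw in w or pw in w[::-1] for w in WALKS):
        return "keyboard walk"
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "P@ssword2017", "St4rW4rs", "1qaz2wsx",
                   "correct-horse-battery-staple"):
        print(f"{sample!r}: {weakness(sample)}")
```

A check like this belongs in the password-change path, alongside a larger breached-password list; passing it does not by itself make a password strong.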

SplashData offers these tips to be safer from hackers online:

1. Use passphrases of twelve characters or more with mixed types of characters including upper and lower cases.
2. Use a different password for each of your website logins. If a hacker gets your password they will try it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.

rb-

Sighs – I covered this again and again ……

One older report I’ve seen says that attackers were able to crack open 254,776 of 499,556 (51%) hashed passwords within 24 hours and 439,610 (88%) within two weeks. The same report says that it can only take one day to crack an eight-character password, while it takes an average of 591 days to crack a 10-character password.

Another report on password hacks points out the value of each additional character in a password.

  • A 6-character password with only letters has 308,915,776 possible combinations.
  • An 8-character password with only letters has 208,827,064,576 possible combinations.
  • An 8-character password that uses letters (upper and lower case), numbers, and symbols has 6,095,689,385,410,816 possible combinations.

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Your Bad Password Habits

Yet more proof that passwords suck. Kaspersky Lab has published new data that reinforce the fact that passwords suck. Kaspersky found that Internet users around the world have bad password habits. Most users have not mastered how to use passwords effectively to protect themselves online.

The Kaspersky research has shown that people are putting their online safety at risk by making bad password decisions and simple password mistakes that may have far-reaching consequences. The research outlined in Networks Asia unearthed three common bad password habits that are putting many Internet users at risk. Internet users:

Common bad password habits

  1. Use the same password for multiple accounts, meaning that if one password is leaked, several accounts can be hacked.
  2. Use weak passwords that are easy to crack.
  3. Store their passwords insecurely, defeating the point of having passwords at all.

Andrei Mochola, Head of Consumer Business at Kaspersky Lab, said, “Considering the amount of private and sensitive information that we store online today, people should be taking better care to protect themselves with effective password protection.”

Password research

  • 10% of people use the same password for all their online accounts. Should one password be leaked, these people are at risk of having every account hacked and exploited.
  • 18% have faced an account hacking attempt but few have effective and cyber-savvy password security in place.
  • Only 30% of Internet users create new passwords for different online accounts.

Additionally, Kaspersky found that people are not creating passwords that are strong enough to protect them from hacking and extortion. Although users think their online banking (51%), email (39%), and online shopping accounts (37%) need strong passwords, only:

  • 47% use a combination of upper and lowercase letters in their passwords,
  • 64% use a mixture of letters and numbers.

Kaspersky’s Mochola observed, “This seems obvious, but many might not realize that they are falling into the trap of making simple password management mistakes. These mistakes, in turn, are effectively like leaving the front door open to emails, bank accounts, personal files, and more.”

Mistreating their passwords

According to the article, the study found that people’s bad password habits include sharing them with others and using insecure methods to remember them.

  • 28% have shared a password with a close family member.
  • 22% have admitted to writing their passwords down in a notepad to help remember them. Even if a password is strong, this leaves the user vulnerable because other people may see and use it.
  • 11% have shared a password with friends, making it possible for passwords to be unintentionally leaked.

Mr. Mochola described good password practices: “The best passwords cannot be found in the dictionary. They are long, with upper and lowercase letters, numbers, and punctuation marks. However, with people having so many online accounts today, it’s not easy to remember a secure password for everything. Using a password management solution can help people remember and generate strong passwords to minimize the risk of account hacking online.”

rb-

Great advice from Kaspersky, but as followers of the Bach Seat know, humans suck at passwords; they use the same bad password habits here.
