Easily Guessed Computer Passwords A Risk


SAN FRANCISCO (UPI) — Hackers often get into protected systems by simply guessing the password, which is often made too easy for them by users, U.S. security experts say.

Security services firm Trustwave says it found the most common password used on business computer systems is “Password1,” CNN reported Monday.

Although it satisfies the complexity rules for many systems, which require passwords to have at least one upper-case letter and one numeral, it is obviously anything but secure, Trustwave said.

In its “2012 Global Security Report,” Trustwave summarized its the findings from analyzing nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Company researchers said they found about 5 percent of passwords involved some variation of the world “password.”

In penetration tests last year on clients’ systems, Trustwave said, it put an assortment of widely available password-cracking tools to work on 2.5 million passwords — and successfully broke more than 2.1 million of them.

The best way to make a password secure is to make it longer, the company said, since attackers are increasingly using brute-force tools that simply cycle through all possible character combinations.

While seven-character password has 70 trillion possible combinations, an eight-character password takes that to more than 6 quadrillion, it said.


UPI - United Press International, Inc.

Since 1907, United Press International (UPI) has been a leading provider of critical information to media outlets, businesses, governments and researchers worldwide.

Join the Discussion

Comment Policy: We encourage an open discussion with a wide range of viewpoints, even extreme ones, but we will not tolerate racism, profanity or slanderous comments toward the author(s) or comment participants. Make your case passionately, but civilly. Please don't stoop to name calling. We use filters for spam protection. If your comment does not appear, it is likely because it violates the above policy or contains links or language typical of spam. We reserve the right to remove comments at our discretion.