SAN FRANCISCO (UPI) — Hackers often get into protected systems by simply guessing the password, which is often made too easy for them by users, U.S. security experts say.
Security services firm Trustwave says it found the most common password used on business computer systems is “Password1,” CNN reported Monday.
Although it satisfies the complexity rules for many systems, which require passwords to have at least one upper-case letter and one numeral, it is obviously anything but secure, Trustwave said.
In its “2012 Global Security Report,” Trustwave summarized the findings from analyzing nearly 2 million network vulnerability scans and 300 recent security breach investigations.
Company researchers said they found about 5 percent of passwords involved some variation of the word “password.”
In penetration tests last year on clients’ systems, Trustwave said, it put an assortment of widely available password-cracking tools to work on 2.5 million passwords — and successfully broke more than 2.1 million of them.
The best way to make a password secure is to make it longer, the company said, since attackers are increasingly using brute-force tools that simply cycle through all possible character combinations.
While a seven-character password has 70 trillion possible combinations, an eight-character password takes that to more than 6 quadrillion, it said.