Will we EVER learn? The most commonly compromised passwords revealed – so, are you still using any of these phrases?
Many of us think our passwords are uncrackable, even if they are simple passwords with just a few characters.
But are you among the people using the most compromised online logins?
New research from Specops Software has found that ‘password’, ‘research’ and ‘GGGGGGGG’ are often easily cracked by hackers, along with ‘cleopatra’ ‘passwordGG’ and ‘OOOOOOOOOO’.
The term “new hire” also appears in the second and third most compromised 15-character passwords, the findings showed.
According to Specops, this highlights the need for IT administrators to avoid predictable, repeatable password patterns when creating accounts for new users.
Subject: New research from Specops Software has found that ‘password’, ‘research’ and ‘GGGGGGGG’ are often easily cracked by hackers, along with ‘cleopatra’ ‘passwordGG’ and ‘OOOOOOOOOO’
The term ‘new hire’ also appears in the second and third most compromised 15-character passwords, the findings showed
“It could also indicate that these new users were not forced to change their passwords and had been using the default passwords given to them by IT for some time,” the Stockholm-based company added.
A key conclusion from the study was that people should make their passwords longer so that they are harder to guess and crack by brute force.
This is a technique in which cybercriminals use tools to test all possible password combinations through numerous login attempts until the correct one is identified.
“Longer passwords are better,” says Darren James, senior product manager at Specops Software.
“And I don’t think that’s news to most IT teams.
‘However, it is important to understand that equipping users with strong, long passwords is not a foolproof way to prevent compromised credentials.
“Attackers can still find workarounds – and user behavior can undo good password policies.”
As part of the research, Specops wanted to find out the most common length of a compromised password, as well as how many longer passwords were breached.
They defined longer passwords as anything over 12 characters.
The team analyzed more than 800 million compromised passwords from the list of some four billion unique logins and counting.
As they expected, eight-character passwords were the most frequently cracked – 212.5 million of the total.
What was most startling, however, is that 85 percent of the logins that were compromised had passwords of less than 12 characters.
Despite this, Specops warned that increasing password length ‘just part of the password security battle.”
“It’s important to remember that long passwords can still be compromised by phishing and other forms of social engineering.” the company added in a blog post on its website.
As the researchers expected, eight-character passwords were the most frequently cracked – accounting for 212.5 million of the total.
What was most startling, however, is that 85 percent of the logins that were compromised had passwords of less than 12 characters.
Warning: This image shows that it doesn’t matter how many characters or how complex your password is if it is already one of the known compromised logins
“The bigger risk is that attackers will obtain a database of passwords from a less secure website, for example if a hacker breaks into an online store.”
Specops added: “Even if the passwords are hashed, the attacker has plenty of time to try to crack them and then find out who those people are and where they work.
“If one of those passwords has been reused at work, it’s an easy route to the employee’s organization.
“This is why password reuse can be a major Achilles heel to what could otherwise be a strong password policy.
“An organization can force end users to use longer, strong passwords at work, but there’s nothing stopping people from reusing those passwords on personal applications and devices with weak security or on insecure networks.”
A 2021 IBM report found that the average global cost of a data breach is now $4.24 million – up 10 percent from 2020.