Will we EVER learn? The most commonly compromised passwords revealed – so, are you still using any of these phrases?

Many of us think our passwords are uncrackable, even if they are simple passwords with just a few characters.

But are you among the people using the most compromised online logins?

New research from Specops Software has found that ‘password’, ‘research’ and ‘GGGGGGGG’ are often easily cracked by hackers, along with ‘cleopatra’, ‘passwordGG’ and ‘OOOOOOOOOO’.

The term “new hire” also appears in the second and third most compromised 15-character passwords, the findings showed.

According to Specops, this highlights the need for IT administrators to avoid predictable, repeatable password patterns when creating accounts for new users.

WHAT IS BRUTE FORCE HACKING?

Brute force attacks are a straightforward but highly effective method for cracking passwords and other protected data.

Cybercriminals use tools to test all possible password combinations through numerous login attempts until the correct one is identified.

The more computing power they have, the faster this process happens – especially when it comes to weak passwords.

However, not all brute force attacks are the same.

Cybercriminals use a range of tactics, from simple brute force attacks, where every possible password combination is tested, to more nuanced approaches such as the hybrid and reverse brute force attacks.

Each method has its own strategy, but the motives behind brute force attacks are the same: cracking passwords to gain unauthorized access to protected information.

Source: Specops Software

“It could also indicate that these new users were not forced to change their passwords and had been using the default passwords given to them by IT for some time,” the Stockholm-based company added.

A key conclusion from the study was that people should make their passwords longer so that they are harder to guess and crack by brute force.

This is a technique in which cybercriminals use tools to test all possible password combinations through numerous login attempts until the correct one is identified.

“Longer passwords are better,” says Darren James, senior product manager at Specops Software.

“And I don’t think that’s news to most IT teams.

“However, it is important to understand that equipping users with strong, long passwords is not a foolproof way to prevent compromised credentials.

“Attackers can still find workarounds – and user behavior can undo good password policies.”

As part of the research, Specops wanted to find out the most common length of a compromised password, as well as how many longer passwords were breached.

They defined longer passwords as anything over 12 characters.

The team analyzed more than 800 million compromised passwords drawn from a list of some four billion unique logins, a list that continues to grow.

As they expected, eight-character passwords were the most frequently cracked – 212.5 million of the total.

What was most startling, however, is that 85 percent of the logins that were compromised had passwords of less than 12 characters.

Despite this, Specops warned that increasing password length is “just part of the password security battle.”

“It’s important to remember that long passwords can still be compromised by phishing and other forms of social engineering,” the company added in a blog post on its website.

Warning: This image shows that it doesn't matter how many characters or how complex your password is if it is already one of the known compromised logins

“The bigger risk is that attackers will obtain a database of passwords from a less secure website, for example if a hacker breaks into an online store.”

Specops added: “Even if the passwords are hashed, the attacker has plenty of time to try to crack them and then find out who those people are and where they work.

“If one of those passwords has been reused at work, it’s an easy route to the employee’s organization.

“This is why password reuse can be a major Achilles heel to what could otherwise be a strong password policy.

“An organization can force end users to use longer, strong passwords at work, but there’s nothing stopping people from reusing those passwords on personal applications and devices with weak security or on insecure networks.”
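The points above reduce to three checks an account-creation process can enforce before a password is accepted: is it on a known-compromised list, is it shorter than the 12-character threshold the study uses, and is it a predictable or repeated pattern like ‘GGGGGGGG’ or a ‘new hire’ default. The following is an added example, written for this page and not code from Specops or its products. Its breached-password set is a constructed sample (the examples the article names plus two invented entries), stored as SHA-1 digests so the checker never holds breached plaintext; a real deployment would replace that set with a lookup against a maintained breached-password service. The `FORBIDDEN_TERMS` blocklist is an assumption for illustration.

```python
import hashlib
import re

# Constructed sample of a "known compromised" list: the article's examples plus
# two invented entries. Kept as SHA-1 digests so the checker stores no plaintext.
_KNOWN_COMPROMISED = [
    "password", "research", "GGGGGGGG", "cleopatra", "passwordGG", "OOOOOOOOOO",
    "Welcome2NewHire",  # constructed: a predictable onboarding default
    "Summer2021!Long",  # constructed: 15 chars, but assumed to have leaked anyway
]
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest() for p in _KNOWN_COMPROMISED
}

MIN_LENGTH = 12  # the study's threshold for a "longer" password
FORBIDDEN_TERMS = ("newhire", "password")  # assumed blocklist of predictable terms


def is_compromised(pw: str) -> bool:
    """Hash the candidate and test membership in the breached set."""
    return hashlib.sha1(pw.encode("utf-8")).hexdigest() in COMPROMISED_SHA1


def is_repetitive(pw: str) -> bool:
    """True when the whole password is one unit repeated: GGGGGGGG, abcabcabc."""
    return re.fullmatch(r"(.+?)\1+", pw) is not None


def contains_forbidden_term(pw: str) -> bool:
    """Case-insensitive check after stripping spaces and punctuation."""
    normalised = re.sub(r"[^a-z0-9]", "", pw.lower())
    return any(term in normalised for term in FORBIDDEN_TERMS)


def check_password(pw: str) -> list[str]:
    """Return the policy failures for a candidate; an empty list means it passes."""
    failures = []
    if is_compromised(pw):
        failures.append("compromised")
    if len(pw) < MIN_LENGTH:
        failures.append("too_short")
    if is_repetitive(pw):
        failures.append("repetitive")
    if contains_forbidden_term(pw):
        failures.append("forbidden_term")
    return failures


if __name__ == "__main__":
    for candidate in ["GGGGGGGG", "passwordGG", "Summer2021!Long",
                      "abcabcabcabcabc", "correct horse battery staple"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The "Summer2021!Long" entry makes the caption's point: it clears the length bar yet still fails, because a password that is already in a breach list is compromised regardless of how long or complex it is. The repetition check catches the ‘GGGGGGGG’ style of entry even when it is long enough, and the blocklist catches onboarding defaults built around ‘new hire’.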

A 2021 IBM report found that the average global cost of a data breach is now $4.24 million – up 10 percent from 2020.

Tips to ensure your passwords are secure

1. Implement a password manager

Password managers allow you to store all passwords in end-to-end encrypted digital storage, locked with a single master password, for the utmost convenience. Most password managers have additional features to check password strength and automatically generate unique passwords. They can be useful for organizations when sharing passwords with employees or managing their access.

2. Introduce cybersecurity training

As simple human errors remain the leading cause of data breaches, it is worth investing in cybersecurity training for employees. Starting from the basics can be a good idea as people have different levels of technological background.

3. Enable multi-factor authentication

Multi-factor authentication, known as MFA, serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity – these can be individual apps, security keys, devices, or biometrics.

Source: NordPass