- Billions of passwords are cracked every year, a Specops report claims
- Millions of users are guilty of bad password hygiene
- Strong passwords are the first line of defense against data breaches
Passwords are being cracked at an alarming rate, and threat actors are gaining access to victims’ accounts through weak and compromised credentials, experts have warned.
New research from Specops has revealed that over a billion passwords were stolen in malware attacks over a 12-month period, which underlines how widespread the problem is.
Most of us are guilty of using lazy passwords or recycling credentials at some point, but the new research shows how much damage this does to users.
Strength in numbers
Stolen credentials are involved in almost half of all data breaches (44%), and since breaches often cost millions per incident, the cost of lazy passwords can be severely harmful to your business.
The most common compromised password was “123456”, found in over 1.4 million breached credentials. Worryingly, of the 1.8 million breached administrator credentials, 40,000 admin portal accounts had the password “admin”, which means even IT employees do not take the threat seriously.
An equally worrying discovery, however, is that 230 million of the compromised passwords actually met the standard requirements for complexity: they were over eight characters long and had at least one capital letter, one number and one special character.
Length does not necessarily protect a password either, as over 31 million of the compromised passwords were over 16 characters long. Long passwords hashed with bcrypt can take ‘millions of years to crack’, but no matter how long your password is, if you reuse a breached password, it will be compromised immediately.
This simply illustrates that when it comes to passwords, more is more, and you can’t be too careful about how you choose to protect your accounts. Hackers can take advantage of weak passwords through brute force attacks, mask attacks and dictionary attacks, so ordinary words and phrases are not recommended.
“The amount of passwords being stolen by malware should be a concern for organizations,” said Darren James, Specops Software Senior Product Manager.
“Even if your organization’s password policy is strong and adheres to compliance standards, this will not protect passwords from being stolen by malware.”
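The finding above, that a password can satisfy the complexity rule and still sit in breached data, can be shown as a small check. This is an added example, not code from Specops or the original article; the function names and the breached sample are constructed for illustration, and the 14-character threshold is the one this article recommends.

```python
import hashlib
import string

# Constructed sample standing in for a breached-credential corpus (assumption);
# a real deployment would query a maintained breach dataset instead.
_SAMPLE_BREACHED = ["123456", "admin", "password123", "Summer2024!Holiday"]
# SHA-256 is used here only as a lookup key, not as a password-storage hash.
BREACHED_DIGESTS = {hashlib.sha256(p.encode()).hexdigest() for p in _SAMPLE_BREACHED}


def meets_complexity(password: str) -> bool:
    """Complexity rule as described in the article: over eight characters,
    at least one capital letter, one number and one special character."""
    return (
        len(password) > 8
        and any(c.isupper() for c in password)
        and any(c.isdigit() for c in password)
        and any(c in string.punctuation for c in password)
    )


def is_breached(password: str, digests=BREACHED_DIGESTS) -> bool:
    """True if the password's digest appears in the breached set."""
    return hashlib.sha256(password.encode()).hexdigest() in digests


def audit(password: str) -> list[str]:
    """Return the reasons to reject a password (empty list means accept)."""
    findings = []
    if not meets_complexity(password):
        findings.append("fails complexity rule")
    if len(password) < 14:
        findings.append("shorter than the recommended 14 characters")
    if is_breached(password):
        findings.append("appears in breached data")
    return findings


if __name__ == "__main__":
    # Constructed candidates: a default, a long compliant-but-breached one,
    # and a random one that is not in the sample set.
    for candidate in ["admin", "Summer2024!Holiday", "vR7#qLm2&xTz9!Kd"]:
        print(repr(candidate), "->", audit(candidate) or "accepted")
```

The second candidate passes every length and complexity test and is rejected only by the breach lookup, which is the check a complexity-only policy lacks.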
Staying safe
Secure passwords are a vital protection against a variety of threats, including identity theft and social engineering attacks, which can leave victims in real financial or legal difficulties.
To avoid becoming a victim of stolen credentials, here are some tips to strengthen your passwords and make you as secure as possible.
Your password should ideally be at least 14 characters, with a mixture of lowercase, uppercase, symbols and numbers.
The worst, most easily cracked passwords are any variation of ‘password123’, ‘123456’ or ‘admin’, so avoid anything generic.
Do not use names or birthdays of family or friends, or well-known characters, and try to make it as obscure as possible.
Frustratingly, best practice is to choose a new password for each site, as reused passwords make even the most ultra-secure credentials useless if a site is compromised.
Make sure to never share your password with anyone, including friends and family – and never send yourself (or anyone else) your password via email, message or any other form of communication. If you need help remembering your passwords, we suggest you physically write them down in a safe place that no one else has access to.
Don’t give your password away to someone calling or sending you an email and claiming to be your bank, a friend or an unknown source. Always call your bank back on its official number (which you can find online) before giving any details away.
If you want to use a third party to ensure that your credentials are as secure as possible, we have compiled a list of the best password managers. These can be used to store all your passwords in one place and remove the hassle of having to remember each one.
Alongside this, you can use the best password generators on the market. These simply generate passwords that are safe and virtually impossible to guess, as they are typically generated randomly using a set of criteria that makes them a super safe option.