Are your passwords putting you at risk? Find out the most commonly compromised phrases now!
- Replies 7
Many of us have become familiar with the risks of living in a modern, digital world.
Prevention is said to be the key to protecting your information and online accounts, and a large chunk of that comes down to choosing the correct passwords.
You may have heard that longer passwords, which are more unique, are harder for hackers to crack, but what about when it comes to the words we choose?
New research conducted by Specops Software, a password management and authentication solution provider, has highlighted which words and phrases run the greatest risk of being compromised.
After analysing more than 800 million compromised passwords, results showed that short, simple passwords such as 'password', 'research', 'GGGGGGGG', 'cleopatra', 'passwordGG', and 'OOOOOOOOOO' are often the most easily cracked by hackers.
The phrase 'new hire' also appears in the second and third most vulnerable 15-character passwords.
'It could also suggest these new users were not forced to change their password and had been using the default ones given to them by IT for some time,' a representative from Specops Software said.
Of course, the longer the password is, the harder it is for computers to crack it. Specops Software advised that people should make their passwords longer and use less predictable words so they are harder to guess and even harder to crack via 'brute force'.
Hacking by 'brute force' is a highly effective technique of decoding encrypted data where cyber criminals use tools to test all possible password combinations through multiple login attempts until the correct code is identified.
Though not all 'brute force' is the same, some cyber criminals use different strategies ranging from simple to more nuanced approaches. One example is the reverse brute force attack, where a common password is used on multiple usernames to find an account that uses the password.
'Longer passwords are better,' said Darren James, Senior Product Manager at Specops Software.
'I don't think that's news to most IT teams.'
'However, it's important to understand that equipping users with strong, lengthy passwords isn't a foolproof way to avoid compromised credentials.
'Attackers can still find workarounds—and user behaviour can undo a good password policy.'
Furthermore, the company defined 'longer passwords' as one having over 12 characters.
While 212.5 million, out of all the analysed passwords, had under eight characters and were found to be the most compromised passwords.
It was also discovered that 85 per cent of compromised passwords had under 12 characters.
Specops said creating a lengthy password is 'only part of the password security battle'.
'It's important to remember that long passwords can still be compromised through phishing and other forms of social engineering,' they added.
'The bigger risk is attackers getting their hands on a database of passwords from a less secure website, for example, say a hacker gets into an online store.'
'Even if the passwords are hashed, the attacker has all the time in the world to try and crack them, and then figure out who those people are and where they work.
'If any of those passwords have been reused at work, it's an easy route into the employee's organisation.
'This is why password reuse can be a major Achilles heel of what could be an otherwise strong password policy.
'An organisation might enforce end users to use longer, strong passwords at work, but there's nothing stopping people reusing those passwords on personal applications and devices with weak security or on unsecured networks.'
To protect yourself from these kinds of attacks, below are some suggestions:
Many have turned to password managers for added safety, with one SDC member, @Peter M, saying: 'I use a password manager called Bitwarden it's free and makes long and hard passwords, I only have to remember the one password to open Bitwarden tap on it and it fills in my password for me.'
'It is easy to import all your saved passwords to it, and you can change them to more complicated ones if you want, it will still save the old one for you.'
While member @kenrconn shared: 'I just checked my iPhone “Passwords” and I am horrified how many reports there are about repeated passwords I have used. Some of these are from a long time ago when it didn’t seem much of an issue but they could, now, easily cause me a problem.'
To view your passwords on your iPhone, go to settings, click passwords, and click on security recommendations to see which passwords you should update the soonest.
Share this article with your loved ones to protect them from hackers!
And if you have other tips on keeping your passwords secure, share them with us in the comments below.
Prevention is said to be the key to protecting your information and online accounts, and a large chunk of that comes down to choosing the correct passwords.
You may have heard that longer passwords, which are more unique, are harder for hackers to crack, but what about when it comes to the words we choose?
Research done by Specops Software revealed a list of easily compromised passwords. Image source: Freepik.
New research conducted by Specops Software, a password management and authentication solution provider, has highlighted which words and phrases run the greatest risk of being compromised.
After analysing more than 800 million compromised passwords, results showed that short, simple passwords such as 'password', 'research', 'GGGGGGGG', 'cleopatra', 'passwordGG', and 'OOOOOOOOOO' are often the most easily cracked by hackers.
The phrase 'new hire' also appears in the second and third most vulnerable 15-character passwords.
'It could also suggest these new users were not forced to change their password and had been using the default ones given to them by IT for some time,' a representative from Specops Software said.
Of course, the longer the password is, the harder it is for computers to crack it. Specops Software advised that people should make their passwords longer and use less predictable words so they are harder to guess and even harder to crack via 'brute force'.
Hacking by 'brute force' is a highly effective technique of decoding encrypted data where cyber criminals use tools to test all possible password combinations through multiple login attempts until the correct code is identified.
Though not all 'brute force' is the same, some cyber criminals use different strategies ranging from simple to more nuanced approaches. One example is the reverse brute force attack, where a common password is used on multiple usernames to find an account that uses the password.
'Longer passwords are better,' said Darren James, Senior Product Manager at Specops Software.
'I don't think that's news to most IT teams.'
'However, it's important to understand that equipping users with strong, lengthy passwords isn't a foolproof way to avoid compromised credentials.
'Attackers can still find workarounds—and user behaviour can undo a good password policy.'
Furthermore, the company defined 'longer passwords' as one having over 12 characters.
While 212.5 million, out of all the analysed passwords, had under eight characters and were found to be the most compromised passwords.
It was also discovered that 85 per cent of compromised passwords had under 12 characters.
Specops said creating a lengthy password is 'only part of the password security battle'.
'It's important to remember that long passwords can still be compromised through phishing and other forms of social engineering,' they added.
'The bigger risk is attackers getting their hands on a database of passwords from a less secure website, for example, say a hacker gets into an online store.'
'Even if the passwords are hashed, the attacker has all the time in the world to try and crack them, and then figure out who those people are and where they work.
'If any of those passwords have been reused at work, it's an easy route into the employee's organisation.
'This is why password reuse can be a major Achilles heel of what could be an otherwise strong password policy.
'An organisation might enforce end users to use longer, strong passwords at work, but there's nothing stopping people reusing those passwords on personal applications and devices with weak security or on unsecured networks.'
To protect yourself from these kinds of attacks, below are some suggestions:
Many have turned to password managers for added safety, with one SDC member, @Peter M, saying: 'I use a password manager called Bitwarden it's free and makes long and hard passwords, I only have to remember the one password to open Bitwarden tap on it and it fills in my password for me.'
'It is easy to import all your saved passwords to it, and you can change them to more complicated ones if you want, it will still save the old one for you.'
While member @kenrconn shared: 'I just checked my iPhone “Passwords” and I am horrified how many reports there are about repeated passwords I have used. Some of these are from a long time ago when it didn’t seem much of an issue but they could, now, easily cause me a problem.'
To view your passwords on your iPhone, go to settings, click passwords, and click on security recommendations to see which passwords you should update the soonest.
And if you have other tips on keeping your passwords secure, share them with us in the comments below.
Last edited:
.png){kind=icon}
