People’s Passwords

Excellent article on password protection and passwords is found on CXO Magazine’s website.

Go over and look at their chart on passwords.   Also here is our team’s Assistant Network Administrator -Dawn Babian’s article reprinted to compliment this article.

Weak Passwords Still Being Used

Dawn Babian, GSAE

A recent report released by security vendor Imperva, Inc., shows that most internet users still use short, weak passwords. These types of passwords make it easy for hackers to gain access to user accounts.

Imperva based their report on the 32 million passwords that were exposed during a recent database intrusion at RockYou Inc., developers of several popular facebook applications. An extensive analysis of the passwords which had been stored in clear text by the company showed that approximately 30% of the passwords in the list were six characters or smaller, 60% of the passwords were created from a limited set of alphanumeric characters. Almost 50% of the accounts had passwords that were easy to guess, such as consecutive numbers or adjacent keyboard keys, common words or phrases.The top five passwords used by RockYou users included, “123456,” “12345,” “123456789,” the word “password,” and “iloveyou.”

Most of the top 5000 words in the hacked database are the same as those found in password dictionaries which hackers use to brute-force their way into accounts. It was noted by Amichai Shulman, the chief technology officer for Imperva, that on average an attacker using one of those password dictionaries would have been able to break into a RockYou account at the rate of approximately one every second using an automated password-guessing tool.

The troubling aspect of this practice is that users don’t realize how they may be compromising their workplace systems especially if they use the same passwords for all of their user accounts. Password insecurity could have serious consequences for the enterpise.

NASA provides recommendations for strong password selection:

1. Passwords should contain at least eight characters.
2. Passwords should contain a mix of four different types of characters – uppercase and lowercase letters, numbers and special characters. The first and last characters should not be a special character if the password contains only one special character.
3. Passwords should not be a name, slang word, or any word in the dictionary. It should not contain any part of a user’s name or email address.

Recommendations for users include choosing a strong password for all sites where privacy of the information is important and use a different password for all sites, even for ones where privacy isn’t a concern and never trust a 3rd party with important passwords.

Recommendations for administrators include enforcing a strong password policy, make sure passwords are not transmitted in clear text, make sure passwords are not stored in clear text, actively put obstacles in the way of a brute-force attacker – such as CAPTCHAs or computational challenges. Create a password change policy. Encourage users to use passphrases instead of passwords.


About TCAT Shelbyville IT Department

The Tennessee College of Applied Technology - is one of 46 institutions in the Tennessee Board of Regents System, the seventh largest system of higher education in the nation. This system comprises six universities, fourteen community colleges, and twenty-six Applied Technology Colleges.
This entry was posted in Computers and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s