25 Jan

Passwords

A recent study has been published identifying the worst passwords used on computer systems. “123456” claims the top spot, with others such as “Password” and “123456789” close behind.

1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123
(Source: PCWorld)

Although some may be, many seem not to be aware of just how easy it would be for hackers to brute-force someone’s account and gain access.

“To quantify the issue, the combination of poor passwords and automated attacks means that in just 110 attempts, a hacker will typically gain access to one new account on every second or a mere 17 minutes to break into 1000 accounts,” Imperva said in its report.

Just looking at the SSH logs from my two Linux servers, they are subject to thousands of login attempts every day: Internet bots trying to gain access.

It’s not just users not picking good, strong passwords that are the problem, I find. I have several passwords for various services and accounts. Some passwords make sense, some don’t, and some I don’t even know by memory. Sometimes I forget these and go through the password recovery steps on websites. I find there is about a 50% chance that the website will send me my password in an email. I have even come across one website that will send me a password reminder whenever it chooses to. Although that’s great in that I have my password, it’s not great in that I now have an email displaying my password sitting in my inbox. What happens if my email account gets compromised? You’d just be able to search my inbox for various passwords. Although I delete these emails, I suspect a large number of people don’t. This is one trick someone used to gain access to various things relating to Twitter.

I think in some respects you can hardly blame users when companies are sending out passwords in plain text, which is just as bad. This points to one of two problems, either of which would have dangerous consequences if account details ever became leaked or compromised: 1) they store your password in plain text, or 2) they store your password with reversible encryption. Either way, a site that can email you your password is a site that can lose it to an attacker.
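To show the alternative, here is an added example (my own code, not from the post or any of the sites mentioned) of how a site should store passwords: only a salted, one-way PBKDF2 digest is kept, so there is nothing to email back, and recovery has to be a reset token instead. The top-10 list from the post is used as a registration blocklist; the iteration count and minimum length are assumed settings.

```python
import hashlib
import hmac
import os
import secrets
from typing import Dict, Optional, Tuple

# The ten passwords from the post; a real deployment would load a much larger list.
WORST_PASSWORDS = {
    "123456", "12345", "123456789", "password", "iloveyou",
    "princess", "rockyou", "1234567", "12345678", "abc123",
}

PBKDF2_ITERATIONS = 600_000  # assumed cost setting; raise as hardware allows
MIN_LENGTH = 12              # assumed policy


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). The digest cannot be turned back into the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class PasswordStore:
    """Keeps only salted digests, so a 'send me my password' feature is impossible."""

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes]] = {}

    def register(self, user: str, password: str) -> bool:
        # Case-insensitive check so "Password" is caught as well as "password".
        if password.lower() in WORST_PASSWORDS or len(password) < MIN_LENGTH:
            return False
        self._records[user] = hash_password(password)
        return True

    def verify(self, user: str, password: str) -> bool:
        rec = self._records.get(user)
        if rec is None:
            return False
        salt, stored = rec
        _, candidate = hash_password(password, salt)
        # Constant-time comparison so timing does not leak how many bytes matched.
        return hmac.compare_digest(stored, candidate)

    def begin_reset(self, user: str) -> Optional[str]:
        """What a recovery email should carry: a one-time token, never the password."""
        if user not in self._records:
            return None
        return secrets.token_urlsafe(32)
```

A password reset email built on `begin_reset` expires on use, whereas an email containing the password itself stays dangerous for as long as it sits in the inbox.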

So… change your passwords, don’t use the same password everywhere, and delete those password recovery emails would be my advice!