Summary

On average, web users have 25 separate accounts, yet only use around 6.5 different passwords. No surprise then that over 100 million passwords have been leaked in the past year. What can you do to protect yourself online?

Title:

Simple passwords not enough protection for our increasingly digital world

The art of password cracking has advanced further in recent years than it has in the previous decades combined. At the same time, the bad practice of password reuse has increased. According to figures, the average web user has 6.5 passwords, despite maintaining an average of 25 separate accounts. Over 100 million real-world passwords have been leaked over the past year.

These leaks have enabled hackers to build up ever-increasing password tables. They can work out the techniques people employ to protect simple passwords from traditional dictionary attacks. For example, a simple password such as “Super” can be mangled into “Sup3r”. Newer hardware has also contributed to the rise in password cracking. A £1,000 PC (with the right hardware), for instance, could try on average an amazing 8.2 billion password combinations each second, depending on the algorithm used to scramble them. A decade ago, such computation speeds would have required a supercomputer.

Think you have devised a clever password-strengthening technique? Think again. It is probably already known to the bad guys.
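The mangling and guess-rate points above, as an added example (not from the original article): a password check that undoes common substitutions before a wordlist lookup and estimates exhaustive-search time at the quoted 8.2 billion guesses per second. The wordlist, the substitution table and the one-year threshold are assumptions chosen for illustration.

```python
import string

GUESSES_PER_SECOND = 8.2e9   # rate quoted in the article; varies with the hash algorithm
SECONDS_PER_YEAR = 365 * 24 * 3600   # assumed cut-off for "too quick to exhaust"

# Constructed sample wordlist; a real check would load a breached-password corpus.
COMMON_WORDS = {"super", "password", "dragon", "monkey"}

# Typical substitutions, mapped back to the letter they replace (assumed table).
UNLEET = str.maketrans({"3": "e", "0": "o", "1": "l", "4": "a", "@": "a",
                        "5": "s", "$": "s", "7": "t", "!": "i"})
TRAILING = string.digits + string.punctuation


def candidates(password):
    """Base words the password may have been mangled from."""
    lowered = password.lower()
    trimmed = lowered.rstrip(TRAILING)          # "dragon123" -> "dragon"
    return {lowered, trimmed, lowered.translate(UNLEET), trimmed.translate(UNLEET)}


def charset_size(password):
    """Size of the alphabet implied by the ASCII character classes in use."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(ch in cls for ch in password))


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length over that alphabet."""
    try:
        return charset_size(password) ** len(password) / rate
    except OverflowError:       # very long passwords exceed float range
        return float("inf")


def assess(password):
    if candidates(password) & COMMON_WORDS:
        return "dictionary"     # a wordlist plus mangling rules finds it
    if brute_force_seconds(password) < SECONDS_PER_YEAR:
        return "brute-force"    # exhaustible within a year at the quoted rate
    return "ok"


if __name__ == "__main__":
    for pw in ("Sup3r", "P@ssw0rd1!", "xQ7#kd", "vT9$qLm2#Rz8&Wp4"):  # constructed samples
        print(f"{pw!r}: {assess(pw)} ({brute_force_seconds(pw):.3g} s to exhaust)")
```

“Sup3r” is rejected twice over: it normalises to a wordlist entry, and its whole five-character keyspace is exhausted in well under a second at the quoted rate.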

Data breaches (old news as of Oct 2013, but still relevant)

Drupal, the open CMS (content management system), was hit by a massive data breach, meaning nearly one million account passwords will need to be reset.

They have issued a full report on the breach and are being totally transparent about it. “The Drupal.org Security Team and Infrastructure Team has identified unauthorized access to user information on Drupal.org and groups.drupal.org, which occurred via third-party software installed on the Drupal.org server infrastructure.”

They also issued a statement on how to make passwords more secure which reflects advice we’ve given in the past:

  • Do not use passwords that are simple words or phrases
  • Never use the same password on multiple sites or services
  • Use different types of characters in your password (uppercase letters, lowercase letters, numbers, and symbols).

Chinese cyber-espionage hackers are back!

According to reports they have gained access to designs for more than a dozen major US weapons systems, and also blueprints for Australia’s new spy headquarters.

China has repeatedly denied any espionage claims as groundless.

Two-factor Authentication Updates

The list continues to grow – LinkedIn and Twitter have become the latest web giants to join the optional two-factor verification fray.

The message? Review all your passwords and make them safe – follow the guidance provided by Drupal above.