Will we EVER learn? The most commonly compromised passwords revealed – so, are you still using any of these phrases?

Many of us think our passwords are uncrackable, even if they’re only simple ones with just a few characters.

But are you among the people using the most commonly compromised online logins?

New research by Specops Software has revealed that ‘password’, ‘research’ and ‘GGGGGGGG’ are often easily cracked by hackers, along with ‘cleopatra’, ‘passwordGG’ and ‘OOOOOOOOOO’.

The phrase ‘new hire’ also appears in the second and third most commonly compromised 15-character passwords, the findings showed.

Specops said this highlighted that IT administrators should avoid predictable, repeatable password patterns when creating accounts for new users. 

Concerning: New research by Specops Software has revealed that 'password', 'research' and 'GGGGGGGG' are often easily cracked by hackers, along with 'cleopatra', 'passwordGG' and 'OOOOOOOOOO'


The phrase 'new hire' also appears in the second and third most commonly compromised 15-character passwords, the findings showed


WHAT IS HACKING BY BRUTE FORCE? 

Brute force attacks are an unsophisticated yet highly effective method of recovering secrets such as passwords, whether by guessing at a login prompt or by testing guesses against stolen password hashes.

Cybercriminals use tools to test all possible password combinations through countless login attempts until the correct one is identified. 

The more computing power they have, the faster this process becomes – especially if weak passwords are involved.

However, not all brute force attacks are the same.

Cybercriminals use a range of tactics from simple brute force attacks, which test every possible password combination, to more nuanced approaches such as the hybrid and reverse brute force attacks. 

Each method has a distinct strategy behind it, but the motives behind brute force attacks are the same – cracking passwords to gain unauthorised access to protected information.

Source: Specops Software

‘It could also suggest these new users were not forced to change their password and had been using the default ones given to them by IT for some time,’ the Stockholm-based company added.

A key takeaway from the research was that people should make their passwords longer, so they are harder to guess and harder to crack by brute force.

This is a technique where cybercriminals use tools to test possible password combinations, guess after guess, either against the login page or against a stolen copy of the password hashes, until the correct one is identified.

‘Longer passwords are better,’ said Darren James, senior product manager at Specops Software. 

‘And I don’t think that’s news to most IT teams. 

‘However, it’s important to understand that equipping users with strong, lengthy passwords isn’t a foolproof way to avoid compromised credentials. 

‘Attackers can still find workarounds – and user behaviour can undo a good password policy.’

As part of the research, Specops set out to find the most common length of a compromised password, as well as how many longer passwords were being breached. 

They defined longer passwords as anything over 12 characters.

The team analysed more than 800 million compromised passwords from its list of some four billion unique logins and counting.

As they expected, eight-character passwords were the most commonly cracked – making up 212.5 million of the total.

What was most eye-opening, however, is that 85 per cent of logins that were compromised were those with passwords under 12 characters.

Despite this, Specops warned that increasing password length is ‘only part of the password security battle’. 

‘It’s important to remember that long passwords can still be compromised through phishing and other forms of social engineering,’ the company added in a blog post on its website.

As the researchers expected, eight-character passwords were the most commonly cracked – making up 212.5 million of the total

What was most eye-opening, however, is that 85 per cent of logins that were compromised were those with passwords under 12 characters


Warning: This graphic shows that it doesn't matter how many characters or how complex your password is if it is already one of the known compromised logins

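The research's three practical points – reject anything on a known-compromised list regardless of length, reject repeated-character patterns such as ‘GGGGGGGG’, and reject predictable provisioning phrases such as ‘new hire’ – can be enforced at the point a password is set. The following Python is an added example written for this article, not code from Specops or the Daily Mail. The compromised-password set is constructed from the passwords the article names and stands in for a real breach corpus (assumed to be keyed by upper-case hex SHA-1, as the Have I Been Pwned Pwned Passwords service is); the banned-word list and the 12-character minimum are assumptions.

```python
import hashlib
import re
from typing import List, Optional

# Constructed stand-in for a compromised-password corpus. The entries are the
# passwords named in the article; a real deployment would load millions of
# hashes from a breach list or query a k-anonymity range API instead.
# (Assumption: the corpus is keyed by upper-case hex SHA-1.)
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ["password", "research", "GGGGGGGG", "cleopatra",
              "passwordGG", "OOOOOOOOOO"]
}

MIN_LENGTH = 12                                      # the article's "longer" threshold
BANNED_WORDS = ["password", "newhire", "welcome"]    # assumed org-specific list


def in_breach_corpus(password: str) -> bool:
    """True if the SHA-1 of the password appears in the compromised set.

    Matching on the full hash here; the k-anonymity variant would send only
    the first five hex characters and compare the returned suffixes locally.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest in COMPROMISED_SHA1


def is_repetitive(password: str) -> bool:
    """True for passwords built from one repeated unit: GGGGGGGG, OOOOOOOOOO,
    abcabcabc. They pass length rules but have a tiny effective keyspace."""
    n = len(password)
    for unit in range(1, n // 2 + 1):
        if n % unit == 0 and password == password[:unit] * (n // unit):
            return True
    return False


def contains_banned_word(password: str) -> Optional[str]:
    """Return the banned word found in the password (ignoring case, spaces
    and common separators), or None. Catches 'new hire' and 'New-Hire' too."""
    squashed = re.sub(r"[\s_\-.]", "", password).lower()
    for word in BANNED_WORDS:
        if word in squashed:
            return word
    return None


def evaluate(password: str) -> List[str]:
    """Return all policy findings for a candidate password; [] means accept."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if is_repetitive(password):
        findings.append("repeated-character pattern")
    word = contains_banned_word(password)
    if word:
        findings.append(f"contains banned word '{word}'")
    if in_breach_corpus(password):
        findings.append("present in compromised-password list")
    return findings


if __name__ == "__main__":
    for candidate in ["GGGGGGGG", "passwordGG", "New Hire 2024!!",
                      "correct-horse-battery-staple"]:
        print(f"{candidate!r}: {evaluate(candidate) or 'accepted'}")
```

The order of the checks is deliberate: length and pattern tests are free, so they run before the hash lookup, and the breach check is performed on the full string rather than a lower-cased one because attackers' lists contain the exact strings users typed.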

‘The bigger risk is attackers getting their hands on a database of passwords from a less secure website, for example say a hacker gets into an online store.’

Specops added: ‘Even if the passwords are hashed, the attacker has all the time in the world to try and crack them, and then figure out who those people are and where they work. 

‘If any of those passwords have been reused at work, it’s an easy route into the employee’s organisation.

‘This is why password reuse can be a major Achilles heel of what could be an otherwise strong password policy. 

‘An organisation might force end users to use longer, strong passwords at work, but there’s nothing stopping people reusing those passwords on personal applications and devices with weak security or on insecure networks.’
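The brute force sidebar above describes simple and hybrid attacks in the abstract, and Specops's point here is that a stolen hash database gives the attacker unlimited offline attempts. The Python below is an added example for this article, not Specops's tooling or any code from the page: it runs a hybrid wordlist attack, a repeated-character rule and a small exhaustive search against a constructed table of unsalted SHA-256 hashes. The accounts, passwords, wordlist and the choice of plain SHA-256 are all assumptions for the demo.

```python
import hashlib
import itertools
import string

# Constructed "leaked" user table: unsalted SHA-256 hashes, as a careless
# online store might store them. The accounts, passwords and the use of plain
# SHA-256 are assumptions for this demo, not data from the article.
LEAKED = {
    "alice@example.com": hashlib.sha256(b"cleopatra").hexdigest(),
    "bob@example.com":   hashlib.sha256(b"passwordGG").hexdigest(),
    "carol@example.com": hashlib.sha256(b"OOOOOOOOOO").hexdigest(),
    "dave@example.com":  hashlib.sha256(b"Xq7#vL2!pR9m").hexdigest(),
}

# Constructed wordlist; real attacks use lists with hundreds of millions of entries.
WORDLIST = ["password", "research", "cleopatra", "newhire", "welcome", "letmein"]


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of guesses an exhaustive attack must consider."""
    return alphabet_size ** length


def simple_bruteforce(alphabet: str, max_len: int):
    """Simple attack: every string over the alphabet up to max_len.
    Grows as keyspace(len(alphabet), n), so it is kept tiny here."""
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            yield "".join(chars)


def hybrid_candidates(words):
    """Hybrid attack: dictionary words plus cheap mutations (capitalisation,
    appended digits, years, symbols and doubled letters such as 'GG')."""
    for w in words:
        for base in (w, w.capitalize()):
            yield base
            for suffix in ("1", "123", "!", "2023", "2024", "GG"):
                yield base + suffix


def repeated_char_candidates(alphabet: str, min_len: int, max_len: int):
    """Passwords made of one repeated character. For length L there are only
    len(alphabet) of them, so length buys nothing against this rule."""
    for c in alphabet:
        for n in range(min_len, max_len + 1):
            yield c * n


def crack(leaked: dict, candidates) -> dict:
    """Hash each guess once and look it up against every account at once.
    Unsalted hashes make this possible; per-user salts would force one hash
    per guess per user, and a slow KDF would make each of those costly."""
    by_hash = {}
    for user, digest in leaked.items():
        by_hash.setdefault(digest, []).append(user)
    found = {}
    for guess in candidates:
        digest = hashlib.sha256(guess.encode("utf-8")).hexdigest()
        for user in by_hash.get(digest, ()):
            found[user] = guess
    return found


def run_all(leaked: dict = LEAKED) -> dict:
    """Run the three candidate generators in order of cost and collect hits."""
    candidates = itertools.chain(
        hybrid_candidates(WORDLIST),
        repeated_char_candidates(string.ascii_letters + string.digits, 6, 16),
        simple_bruteforce(string.ascii_lowercase, 4),
    )
    return crack(leaked, candidates)


if __name__ == "__main__":
    hits = run_all()
    for user, pw in hits.items():
        print(f"{user}: {pw}")
    for user in LEAKED:
        if user not in hits:
            print(f"{user}: not cracked by these rules")
    print("lowercase, 8 chars:", keyspace(26, 8), "guesses")
    print("95 printable, 12 chars:", keyspace(95, 12), "guesses")
```

Three of the four accounts fall to a few hundred thousand hashes because their passwords are dictionary words, mutated words or repeated characters; the random 12-character one survives. The same run against salted, slow hashes (bcrypt, scrypt, Argon2) would cost one expensive computation per guess per user instead of one cheap one per guess, which is why the storage format matters as much as the password.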

An IBM report in 2021 revealed that the average global cost of a data breach is now $4.24 million – 10 per cent higher than 2020. 

Tips to ensure your passwords are safe 

1. Deploy a password manager

Password managers allow you to store all your passwords in end-to-end encrypted digital storage, locked with a single master password, so you only have to remember one. Most password managers have additional features to check passwords’ strength and automatically generate unique passwords. For organizations, they can come in handy when sharing passwords with employees or managing their access.

2. Introduce cybersecurity training

Since simple human mistakes remain the leading cause of data breaches, it is worth investing in cybersecurity training sessions for employees. Starting from the basics might be a good idea given that people have different technology background levels.

3. Enable multi-factor authentication

Known as MFA, it serves as an extra layer of security. It is an authentication method that uses two or more mechanisms to validate the user’s identity – these can be separate apps, security keys, devices, or biometric data.

Source: NordPass

source: dailymail.co.uk