New Study Reveals That 60% of Passwords Are Guessed During Attacks
What is the last password you entered to log into one of your accounts? Are you confident that this password is strong enough to withstand cyber attackers? Such passwords as password321, iloveyou, football, donaldtrump, or even !@#$%^&* are not safe. As a matter of fact, anyone could guess them. Unfortunately, people are not always careful about how they share their usernames or email addresses either, and that puts their virtual security at serious risk. Let’s say you encountered a banner ad suggesting that you are eligible for a prize giveaway. If you are fooled by the scam, you might disclose your email address without even thinking about your virtual security. Once schemers have this piece of information, they can employ software to try to guess the password that is linked to the address.
According to the annual report published by Rapid7, 72% of IT security organizations had passwords compromised, and 60% of those were easily-guessable passwords. That means that, for the most part, we are the ones who cause password vulnerabilities and create perfect conditions so that hackers can guess weak passwords. Luckily, there is hope, and you can turn things around today.
Users must learn about password vulnerabilities
When it comes to passwords, the responsibility lies in the hands of users. Hackers can guess weak passwords without much trouble, and so it is important that every single password is taken care of. That includes default passwords that might be set on printers, routers, and other devices that the attackers could use to gain access to all of the associated systems.
There are plenty of password vulnerabilities that make it much easier for the attackers to brute-force them and, eventually, take over users’ accounts. These vulnerabilities include:
- RECYCLING – the same password is reused on one or multiple other accounts.
- POOR LENGTH – the password is too short. Users are advised to use as many characters as possible. If, for example, you can choose from 6 to 16 characters, opt for the 16 characters.
- EASILY GUESSABLE COMBINATION – if the password you choose to guard the entrance to your virtual account is easy to guess, you are simply asking for trouble.
- LETTERS ONLY – if you opt for a letters-only combination, your password will not be safe. When possible, use numbers and special symbols too, and also add upper and lower case letters.
- OVERSHARING – if you worry about password vulnerabilities, you do NOT want to write down your passwords on post-it notes or share them with anyone.
- POOR SECURITY – sometimes, even the strongest passwords cannot be protected against data breaches and smart cyber criminals, and, in many cases, poor security is to blame for that.
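The first four weaknesses in the list above can be checked mechanically. The following audit is an added example, not code from the article or from any product it mentions; the 12-character threshold, the account names and the sample vault are assumptions made for the demonstration, and the guessable-password set holds only the five passwords quoted earlier in the article.

```python
# Constructed sample of guessable passwords: the five named in the article.
# A real audit would load a large breached-password list instead.
COMMON = {"password321", "iloveyou", "football", "donaldtrump", "!@#$%^&*"}
# Keyboard rows (digits, shifted digits, letters) for spotting key walks.
KEY_ROWS = ("1234567890", "!@#$%^&*()", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumed policy threshold, not a figure from the article


def is_key_walk(pw, run=6):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def audit(vault):
    """Map each account in `vault` (account -> password) to a sorted list of findings."""
    seen = {}
    for account, pw in vault.items():
        seen.setdefault(pw, []).append(account)
    report = {}
    for account, pw in vault.items():
        findings = set()
        if len(seen[pw]) > 1:  # same password guards more than one account
            findings.add("RECYCLING")
        if len(pw) < MIN_LENGTH:
            findings.add("POOR LENGTH")
        if pw.lower() in COMMON or is_key_walk(pw):
            findings.add("EASILY GUESSABLE COMBINATION")
        if pw.isalpha():  # no digits or symbols at all
            findings.add("LETTERS ONLY")
        report[account] = sorted(findings)
    return report


# Constructed vault for demonstration; account names are hypothetical.
SAMPLE_VAULT = {
    "email": "iloveyou",
    "bank": "iloveyou",
    "forum": "!@#$%^&*",
    "router": "Tr4il-Mango_77!quartz",
}

if __name__ == "__main__":
    for account, findings in audit(SAMPLE_VAULT).items():
        print(account, findings or "no findings")
```

OVERSHARING and POOR SECURITY cannot be detected from the password itself, so the audit does not cover them.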
IT security companies are not the only ones at risk
Are hackers more interested in breaching the passwords that belong to large companies? Some hacking groups are certainly more interested in taking over the accounts that belong to government agencies, large organizations, and other entities to extract highly sensitive information and make bigger attacks possible. That being said, hackers are not ignoring regular users either. First of all, the accounts of these users are generally less secure due to existing password vulnerabilities. That means that the attackers can be more successful on a smaller scale.
Second, all information is important and sellable. If hackers can guess weak passwords, they can take over online banking accounts, social media accounts, email accounts, etc. This could give them access to a great deal of sensitive information, including your social security number, credit card numbers, healthcare information, photos, home address, telephone numbers, and so on. All of this could help schemers perform identity theft, create fake profiles, and, eventually, impersonate you.
Here’s how you can protect your passwords
Now that you are aware of the different password vulnerabilities and you know that hackers can guess weak passwords, you need to start making some changes. First and foremost, change your passwords! This will not be that easy to do if you have many accounts and if you decide to go about the task one password at a time. Luckily, that is not your only option. You can employ a password manager that will help you change all of your passwords from one window. Cyclonis Password Manager is a free utility, and you can upload all of your passwords to it. Then, the integrated Password Analyzer will assess them all, and you will be informed which ones need to be changed. Finally, using the utility, you will be able to “fix” the issue and abolish password vulnerabilities.
The Cyclonis Password Manager will keep your passwords safe at all times, and it will also make it easier for you to log into your virtual accounts. Furthermore, because you will not need to enter your passwords one key at a time, you will be able to make them as complex as possible (a prime example of that would be something like this: =0-e0V__-?#G=k+!C|+l3-^^$=?j:&4@). At the same time, you will protect your passwords against keyloggers and other types of malware that could try to read your passwords without you noticing. Speaking of malware, do not forget that overall security is very important, and you want to implement reliable security software to guarantee full-time protection.
Finally, do not forget that information is a key that unlocks many doors. When data breaches occur, timing is everything, and if you can learn about a breach right away, your chances of preventing account takeover and further security issues can increase dramatically. It is also important to know when you can handle issues on your own and when the time to seek help comes. If, for example, you find out that your online banking account was breached due to existing password vulnerabilities, do not play the hero; contact your bank immediately. They will know how best to help you.