Easy passwords undermine security

27 April 2006

Online and office computer security is a chain that is only as strong as its weakest link. And, in many cases, the simplest of internal security measures, the password, is the Achilles' heel.
While many sites and businesses attempt to tighten up by insisting on passwords of between 8 and 12 characters plus a number, users themselves are unwittingly undermining the spirit of this and other steps taken to protect systems.
 
In theory, and in practice, anyone with a bit of insider knowledge can take a pretty good stab at guessing a password, and once logged in could wreak all kinds of havoc. It doesn't take a vivid imagination to see the damage a disgruntled or inquisitive employee could inflict.
 
So what makes for a weak password? Well, if you use any of the following it may be a good idea to change them ASAP:
  • Your dog’s name, forwards or backwards
  • One of your kids’ names
  • Your own (nick)name
  • Your village, town or house name
  • Password or Computer
  • Okay (ok)
  • Administrator (admin) or similar
Another bad habit to avoid is using the same username and password for every login. By using a different username/password combination for each site and login portal, the damage that a single breach could cause is drastically reduced.
 
In short, a strong password uses a mixture of upper and lower case letters, numbers and punctuation characters.
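The two checks the article describes, a password built from personal details or common words and a password reused across accounts, can be expressed as a simple screening script. The following is an added example, not code from the original article or from Sophos; the profile values and account list are constructed sample data, and the rule names are this example's own.

```python
import re

# Constructed sample profile: the kinds of personal details the article lists
# as weak password material (hypothetical values, not from the article).
PROFILE = {
    "dog": "Rex",
    "kids": ["Emily", "Jack"],
    "nickname": "Dave",
    "place": "Ambridge",
}

# Generic words the article names as weak choices.
COMMON_WORDS = {"password", "computer", "okay", "ok", "administrator", "admin"}

# The character classes a strong password should mix, per the article.
CLASS_PATTERNS = [
    ("lowercase", r"[a-z]"),
    ("uppercase", r"[A-Z]"),
    ("digits", r"[0-9]"),
    ("punctuation", r"[^A-Za-z0-9]"),
]


def _normalise(s):
    """Lowercase and strip everything but letters and digits, so 'R-e-x!' becomes 'rex'."""
    return re.sub(r"[^a-z0-9]", "", s.lower())


def personal_terms(profile):
    """Every personal detail in the profile, forwards and backwards, normalised."""
    terms = [profile["dog"], profile["nickname"], profile["place"], *profile["kids"]]
    out = set()
    for t in terms:
        n = _normalise(t)
        if len(n) >= 3:  # ignore very short fragments that would match by accident
            out.add(n)
            out.add(n[::-1])  # the article warns about names used backwards too
    return out


def weaknesses(password, profile):
    """Return the reasons a password is weak; an empty list means it passed every rule."""
    reasons = []
    core = _normalise(password)
    letters_only = re.sub(r"[0-9]", "", core)  # so 'admin99' is still caught as 'admin'

    # Rule 1: built from a pet, child, nickname or place name (either direction).
    for term in sorted(personal_terms(profile)):
        if term in core:
            reasons.append(f"contains personal detail '{term}'")

    # Rule 2: one of the generic words the article lists.
    if core in COMMON_WORDS or letters_only in COMMON_WORDS:
        reasons.append("is a common word")

    # Rule 3: the 8-character floor the article mentions.
    if len(password) < 8:
        reasons.append("shorter than 8 characters")

    # Rule 4: mixture of upper, lower, digits and punctuation.
    missing = [name for name, pat in CLASS_PATTERNS if not re.search(pat, password)]
    if missing:
        reasons.append("missing " + ", ".join(missing))

    return reasons


def reused_passwords(accounts):
    """Group account names that share a password; only groups of two or more are returned."""
    by_password = {}
    for site, pw in accounts.items():
        by_password.setdefault(pw, []).append(site)
    return [sorted(sites) for sites in by_password.values() if len(sites) > 1]


if __name__ == "__main__":
    for candidate in ["Rex", "xeR2006", "admin99", "password", "T4x!ev-Quill#8"]:
        print(candidate, "->", weaknesses(candidate, PROFILE) or "ok")
    # Constructed account list illustrating the reuse problem from the article.
    sample_accounts = {"bank": "Summer2006!", "football": "Summer2006!", "email": "xK9#vp2Q"}
    print("reused across:", reused_passwords(sample_accounts))
```

The personal-detail check works on a normalised form so that adding a year or punctuation to a name ("Rex2006", "r-e-x") does not hide it, and the reuse check groups accounts by identical password, which is the situation the article's survey figures describe.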
 
IT security company Sophos is strongly urging companies to educate their employees on the importance of choosing unique and multiple passwords to thwart the onslaught of cyber criminal activity in the workplace.
 
A web poll of more than 500 business PC users, conducted by Sophos, has revealed that only 14% use a different password for every website they access. A worrying 41% admitted to using the same password all the time, and 45% admitted that they had a small handful of different passwords to choose from.
 
“It is madness to use the same password for accessing a website which tells you the football results, as the one which gives you access to your online bank account,” said Graham Cluley, senior technology consultant for Sophos. “If hackers manage to steal your password, and you use the same password for all websites, then it's giving them an open invitation to steal your identity and leave you with a large hole in your virtual wallet.”
 
He added that weak passwords are risking business data and employees need to be educated.
 
“Cyber criminals are becoming increasingly canny at finding ways of exploiting vulnerable users and pilfering funds. By ignoring, or not realising how easily fraudsters can crack weak passwords, some employees are practically handing their private information over on a plate. Users must be vigilant in choosing multiple, unpredictable passwords to ensure the security of business networks and personal data,” continued Cluley.
 
While his comments are directed at external threats, the same applies to employees. A little knowledge is dangerous, and it's not safe to assume that anyone, given the opportunity, is above taking a look around places they're not supposed to go.