The I.Q.D. Team Connection
  • Welcome
  • Iraq News Current
  • PRE & POST RV Information
  • Market Place
  • Twitter Feed
  • Join Our Mailing List
  • Future Of Iraq Project & Other Links
  • The IQD Team Connection Blog & Announcements
  • Quick Links
  • Conf Calls: Recordings
  • Contact Us
  • Financial Planning
  • How to Choose A Financial Advisor
  • Private Bankers: Contacts & Websites
    • Private Bankers - Articles of Interest
  • Computer Security
  • Dinar Dealer & Exchange Info
  • Public Record Sites - Background Checks FREE
  • Real Estate
    • Landlord Tenant Laws & Information
  • Documents: Gifting
  • In Loving Memory of Tim
  • Health & Wellness Blog
  • Health Wellness Products

If You're Using 'Password1,' Change It. Now.~~Repost from March 2012

12/5/2013

 
From Straight Talkin Mike...

If You're Using 'Password1,' Change It. Now.

CNNMoney.com

By Stacy Cowley | CNNMoney.com –

The number one way hackers get into protected systems isn't through a fancy technical exploit. It's by guessing the password.

That's not too hard when the most common password used on business systems is "Password1."

There's a technical reason for Password1's popularity: It's got an upper-case letter, a number and nine characters. That satisfies the complexity rules for many systems, including the default settings for Microsoft's widely used Active Directory identity management software.

Security services firm Trustwave spotlighted the "Password1" problem in its recently released "2012 Global Security Report,


"2012 Global Security Report," which summarizes the firm's findings from nearly 2 million network vulnerability scans and 300 recent security breach investigations.

Around 5% of passwords involve a variation of the word "password," the company's researchers found. The runner-up, "welcome," turns up in more than 1%.

Easily guessable or entirely blank passwords were the most common vulnerability Trustwave's SpiderLabs unit found in its penetration tests last year on clients' systems. The firm set an assortment of widely available password-cracking tools loose on 2.5 million passwords, and successfully broke more than 200,000 of them.

Verizon came up with similar results in its 2012 Data Breach Investigations Report, one of the security industry's most comprehensive annual studies. The full report will be released in several months, but Verizon previewed some of its findings at this week's RSA conference in San Francisco.

Exploiting weak or guessable passwords was the top method attackers used to gain access last year. It played a role in 29% of the security breaches Verizon's response team investigated.

[Related: Smartphone Features You Don't Really Need]

Verizon's scariest finding was that attackers are often inside victims' networks for months or years before they're discovered. Less than 20% of the intrusions Verizon studied were discovered within days, let alone hours.

Even scarier: Few companies discovered the breach on their own. More than two-thirds learned they'd been attacked only after an external party, such as a law-enforcement agency, notified them. Trustwave's findings were almost identical: Only 16% of the cases it investigated last year were internally detected.

So if your password is something guessable, what's the best way to make it more secure? Make it longer.

Adding complexity to your password -- swapping "password" for "p@S$w0rd" -- protects against so-called "dictionary" attacks, which automatically check against a list of standard words.

But attackers are increasingly using brute-force tools that simply cycle through all possible character combinations. Length is the only effective guard against those. A seven-character password has 70 trillion possible combinations; an eight-character password takes that to more than 6 quadrillion.

Even a few quadrillion options isn't a big deal for modern machines, though. Using a $1,500 computer built with off-the-shelf parts, it took Trustwave just 10 hours to harvest its 200,000 broken passwords.

"We've got to get ourselves using stuff larger than human memory capacity," independent security researcher Dan Kaminsky said during an RSA presentation on why passwords don't work.

He acknowledged that it's an uphill fight. Biometric authentication, smartcards, one-time key generators and other solutions can increase security, but at the cost of adding complexity.

"The fundamental win of the password over every other authentication technology is its utter simplicity on every device," Kaminsky said. "This is, of course, also their fundamental failing." To top of page

http://finance.yahoo.com/news/if-you-re-using--password1---change-it--now-.html

Comments are closed.
    Health Products Favs
    Health Books
    Picture
    filterfluoride
    IGNITEChewable Energy
    Get younger skin the natural way with Chews-4-Health™
    Picture
    Picture
    Liquid Zeolite
    Health Books
    Health Products FAV
    Picture
    Get 50% off Vetisse Jimin Ointment

    Categories

    All
    Articles Of Interest
    Automobile
    Banking
    Banking Laws
    Banking Tools
    Books
    Budget Tips
    Business Start Up
    Calculators
    Calling Help Google
    Cashing In
    Cashing In Info
    Cdars
    Changing State Residency
    Charities
    Check Authenticity Of Dinars
    Computer Security
    Con Men
    Credit
    Credit Cards
    Currency Classifications
    Currency Exchange
    Currency Trading Forex
    Debt
    Delarue
    Dinar Dealers - Check Out License
    Dinar Information
    Email Accounts Set Up
    Entities
    Entities Help
    Fair Debt Collection Practices Act
    Financial Planning
    Financing
    Fincen
    Forex & Currency Converters
    Fractional Banking
    Free
    Free Calling
    Fun
    Gifting
    Health & Wellness
    Home Ownership Help
    Home Safety
    Identity Protection
    Insurance
    Internet Crime Center
    Investing
    Iraq Investing
    Iraq News
    Iraq Stock Exchange Isx
    Lop
    Misc
    Modern Money Mechanics
    Money
    Money Financial Planning
    Money. Financial Planning
    Mortgage Scams
    Mr Anonymous
    Music & Inspiration
    News Sources
    Phone Security
    Post Rv Checklists
    Preparedness
    Pre & Post RV Daily Postings
    Privacy
    Private Banking
    Questions To Ask Professionals
    Real Estate
    Retirement
    Rfid Be Aware
    Safes
    Scam & Fraud
    Scam & Fraud
    Security
    Self Help
    Sent In By Our Listeners
    Shopping
    Straight Talkin Mike
    Sudden Wealth
    Tag Account
    Taxes
    Telephone
    Travel
    Twitter
    Veterans Assistance
    Words Of Wisdom

    Garden of Life