- Billions of passwords are breached every year, says SpecOps report
- Millions of users are guilty of poor password hygiene
- Strong passwords are the first line of defense against data breaches
Passwords are being breached at an alarming rate and bad actors are gaining access to victims’ accounts using weak, easily compromised credentials, experts have warned.
A new study from SpecOps has found that more than a billion passwords were stolen in malware attacks over a 12-month period, highlighting how widespread the problem is.
Most of us are guilty of using lazy passwords or reusing credentials at some point, but new research shows just how much it harms users.
Strength in numbers
Stolen credentials are involved in nearly half of all data breaches (44%), and with breaches often costing businesses millions for each incident, the cost of lazy passwords could be seriously detrimental to your business.
The most commonly compromised password was “123456,” found in more than 1.4 million breached credentials. Worryingly, of the 1.8 million admin credentials breached, 40,000 admin portal accounts had the password “admin”, meaning even IT professionals don’t take the threat seriously.
However, an equally worrying finding is that 230 million of the breached passwords actually met standard complexity requirements – they were longer than eight characters and contained at least one uppercase letter, one number and one special character.
Length does not necessarily protect a password, as more than 31 million breached passwords were longer than 16 characters. Long passwords hashed with bcrypt can take “millions of years to crack”, but no matter how long your password is, if you reuse a cracked password, it is immediately compromised.
This just illustrates that when it comes to passwords, more is more, and you can’t be too careful about how you choose to protect your accounts. Hackers can exploit weak passwords through brute force attacks, mask attacks, and dictionary attacks. Common words and expressions are therefore not recommended.
“The number of passwords stolen by malware should be a concern for organizations,” said Darren James, senior product manager at Specops Software.
“Even if your organization’s password policy is strong and meets compliance standards, it will not protect passwords from theft by malware.”
Stay safe
Secure passwords provide vital protection against a number of different threats, including identity theft and social engineering attacks, which can leave victims in real financial or legal trouble.
To avoid becoming a victim of stolen credentials, there are some tips for strengthening your passwords to make yourself as secure as possible.
Your password should ideally be at least 14 characters long, with a mix of lowercase, uppercase, symbols and numbers.
The worst and easiest passwords to crack are any variation of “Password 123”, “123456” or “admin”, so avoid anything generic.
Don’t use the names or birthdays of family members or friends, or well-known people, and try to make them as obscure as possible.
Unfortunately, the best practice is to choose a new password for each site, because reused passwords render even ultra-secure credentials useless if a site is compromised.
Make sure you never share your password with anyone, including friends and family, and never send yourself (or anyone else) your password via email, message or any other channel where it can be read by a third party. If you need help remembering your passwords, we suggest physically writing them down in a secure location that no one else has access to.
Do not disclose your password to anyone who calls or emails you pretending to be your bank, a friend, or any other unknown source. Always call your bank via their official number (which you can find online) before giving any details.
If you want to use a third party to make sure your credentials are as secure as possible, we’ve put together a list of the best password managers on the market. These can be used to keep all your passwords in one place and save you from having to remember each one.
At the same time, you can use the best password generators on the market. These simply generate passwords that are secure and virtually impossible to guess, as they are usually randomly generated using a set of criteria that make them an ultra-secure option.
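To make the advice above concrete, here is an added Python example, not taken from the article or from the SpecOps report, that implements the tips as a checker (minimum 14 characters, all four character classes, no variant of “password”, “123456” or “admin”, no personal names, no reuse, not in a breach list) and pairs it with a generator of the kind the last paragraph describes. The breach list, the generic stems and the sample inputs are constructed stand-ins; a real deployment would query an actual breach corpus instead of the small set below.

```python
import math
import re
import secrets
import string

# Constructed stand-in for a breached-password corpus; real checks query
# a full breach dataset rather than a handful of literals.
BREACHED_SAMPLE = {"123456", "password", "password123", "admin", "qwerty"}

MIN_LENGTH = 14                                  # the article's recommendation
GENERIC_STEMS = ("password", "123456", "admin")  # "any variation of" these is rejected
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def normalise(pw):
    """Lower-case, drop separators and undo a few common substitutions so that
    variants such as 'Password 123' or 'P@ssw0rd' match their generic stem."""
    table = str.maketrans({"@": "a", "$": "s", "0": "o"})
    return re.sub(r"[\s_\-.]", "", pw.lower()).translate(table)


def check_password(pw, personal_terms=(), known_passwords=(), breached=BREACHED_SAMPLE):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_all_classes = (
        any(c.islower() for c in pw)
        and any(c.isupper() for c in pw)
        and any(c.isdigit() for c in pw)
        and any(c in string.punctuation for c in pw)
    )
    if not has_all_classes:
        problems.append("missing a character class (lower, upper, digit, symbol)")
    norm = normalise(pw)
    if any(stem in norm for stem in GENERIC_STEMS):
        problems.append("variant of a generic password")
    for term in personal_terms:          # names, birthdays and the like, supplied by the caller
        if len(term) >= 4 and normalise(term) in norm:
            problems.append(f"contains personal term {term!r}")
    if pw in breached or pw.lower() in breached:
        problems.append("appears in breached-password sample")
    if pw in known_passwords:            # passwords already used on other sites
        problems.append("reused from another site")
    return problems


def generate_password(length=20):
    """Draw characters from a CSPRNG and resample until the result passes the
    policy above, so the output always contains all four classes."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(pw):
            return pw


def guess_space_bits(pw):
    """Upper bound, in bits, on the search space of a password drawn uniformly
    over the classes it uses (len * log2(alphabet size)). Only meaningful for
    random passwords: a human-chosen 'Password123!' scores well here but is
    in every cracking dictionary, which is why check_password exists."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return len(pw) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    for candidate in ("123456", "Password 123", "P@ssw0rd123!xyzQ"):
        print(candidate, "->", check_password(candidate) or "OK")
    fresh = generate_password()
    print("generated:", fresh, f"({guess_space_bits(fresh):.0f} bits)")
```

The generator and the checker share one policy, so a password that passes the checker is exactly what the generator emits; the `guess_space_bits` figure is there to show that a 20-character random string is far outside brute-force reach while a complexity-compliant “P@ssw0rd123!” is still rejected as a dictionary variant.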