Many of us think our passwords are impossible to crack, even if they are simple with just a few characters.
But are you among the people who use the most commonly compromised online logins?
New research by Specops Software has revealed that hackers often easily crack ‘password’, ‘research’ and ‘GGGGGGGG’, along with ‘cleopatra’, ‘passwordGG’ and ‘OOOOOOOOOO’.
The phrase “new employee” also appears in the second and third most commonly compromised 15-character passwords, the findings showed.
Specops said this highlights that IT administrators should avoid predictable and repeatable password patterns when creating accounts for new users.
Worrying: New research by Specops Software has revealed that hackers often easily crack ‘password’, ‘research’ and ‘GGGGGGGG’, along with ‘cleopatra’, ‘passwordGG’ and ‘OOOOOOOOOO’
The phrase “new employee” also appears in the second and third most commonly compromised 15-character passwords, the findings showed.
“It could also suggest that these new users were not forced to change their password and had been using the default ones provided to them by IT for some time,” the Stockholm-based company added.
A key finding from the research was that people should make their passwords longer to make them harder to guess and crack using brute force.
This is a technique in which cybercriminals use tools to try all possible password combinations through countless login attempts until the correct one is identified.
“Longer passwords are better,” said Darren James, senior product manager at Specops Software.
‘And I don’t think that’s news to most IT teams.
‘However, it is important to understand that providing users with long, strong passwords is not a foolproof way to prevent compromised credentials.
“Attackers can still find workarounds, and user behavior can undo a good password policy.”
As part of the investigation, Specops set out to find the most common length of a compromised password, as well as how many longer passwords were being breached.
They defined longer passwords as those longer than 12 characters.
The team analyzed more than 800 million compromised passwords from its list of some four billion unique logins and counting.
As expected, eight-character passwords were the most cracked: 212.5 million of the total.
Most tellingly, however, 85 percent of the compromised logins were those with passwords shorter than 12 characters.
Despite this, Specops warned that increasing password length is ‘only part of the battle for password security.
“It’s important to remember that long passwords can still be compromised through phishing and other forms of social engineering,” the company added in a blog post on its website.
As the researchers expected, eight-character passwords were the most cracked: they accounted for 212.5 million of the total.
Most tellingly, however, 85 percent of the compromised logins were those with passwords shorter than 12 characters.
Warning: This graph shows that it doesn’t matter how many characters or how complex your password is if it is already one of the known compromised logins.
“The biggest risk is that attackers obtain a password database from a less secure website, for example if a hacker breaks into an online store.”
Specops added: “Even if the passwords are hashed, the attacker has all the time available to try to crack them and then figure out who those people are and where they work.”
‘If any of those passwords have been reused at work, it’s an easy route into the employee’s organization.
‘This is why password reuse can be a major Achilles’ heel to what could otherwise be a strong password policy.
“An organization can force end users to use longer, stronger passwords at work, but nothing stops people from reusing those passwords on personal apps and devices with weak security or on unsecured networks.”
A 2021 IBM report revealed that the average global cost of a data breach is now $4.24 million, up 10 percent from 2020.
