- Millions of passwords are breached every year, the Specops report states
- Millions of users are guilty of poor password
- Secure passwords are the first line of defense against data breaches
Passwords are being breached at an alarming pace, and threat actors are gaining access to victims' accounts through weak and easily compromised credentials, experts have warned.
New Specops research has revealed that more than one billion passwords were stolen in malware attacks over a 12-month period, highlighting how widespread the problem is.
Most of us are guilty of using lazy passwords, or of reusing credentials at some point, but new research shows how much damage this is doing to users.
Strength in numbers
Stolen credentials are involved in almost half of all data breaches (44%), and with breaches often costing companies millions per incident, the cost of lazy passwords could be seriously harmful to their business.
The most commonly compromised password was “123456”, which was found in more than 1.4 million breached credentials. Worryingly, of the 1.8 million administrator credentials, 40,000 administrator portal accounts had the password ‘admin’, which means that even IT workers are not taking the threat seriously.
However, an equally worrying discovery is that 230 million breached passwords actually met the standard complexity requirements: they were more than eight characters long and had at least one capital letter, a number and a special character.
Length does not necessarily protect a password either, since more than 31 million breached passwords were more than 16 characters long. Long passwords hashed with bcrypt can take “millions of years to break”, but no matter how long your password is, if you reuse a breached password, you are immediately compromised.
This only illustrates that when it comes to passwords, more is more, and you cannot be too careful with the way you choose to protect your accounts. Attackers can exploit weak passwords through brute-force attacks, mask attacks and dictionary attacks, so common words and phrases are not recommended.
“The amount of passwords being stolen by malware should be a concern for organizations,” said Darren James, Senior Manager at Specops.
“Even if your organization’s password policy is strong and meets compliance standards, this will not protect passwords from being stolen by malware.”
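The point made above, that a password can satisfy the complexity rule and still sit in a breach corpus, is shown here as an added example (not code from Specops or from the original article). The breached list is a small constructed sample held as SHA-1 digests, which is an assumption, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed sample values standing in for a breached-password corpus.
# Assumption: the corpus is held as SHA-1 digests rather than plaintext.
_CONSTRUCTED_SAMPLE = ["123456", "admin", "password123",
                       "Summer2024!", "Correct-Horse-Battery-9"]
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest()
                 for p in _CONSTRUCTED_SAMPLE}


def meets_complexity(password: str) -> bool:
    """Complexity rule as described above: more than eight characters,
    at least one capital letter, one number and one special character."""
    return (len(password) > 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)


def is_breached(password: str) -> bool:
    """True if the password's SHA-1 digest is in the breached set."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    return digest in BREACHED_SHA1


def evaluate(password: str) -> list[str]:
    """Return the reasons to reject a candidate password (empty = accept)."""
    reasons = []
    if not meets_complexity(password):
        reasons.append("fails complexity rule")
    if is_breached(password):
        reasons.append("found in breached corpus")
    return reasons


if __name__ == "__main__":
    # Hypothetical candidates: short, compliant-but-breached, long-but-breached, unseen.
    for candidate in ["admin", "Summer2024!", "Correct-Horse-Battery-9",
                      "t7#Lq9!vRz2@pXw4"]:
        print(f"{candidate!r}: {evaluate(candidate) or 'accepted'}")
```

A policy that stops at `meets_complexity` accepts two of the constructed breached passwords, including one longer than 16 characters; only the corpus lookup rejects them.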
Stay safe
Secure passwords are a vital protection against several different threats, including identity theft and social engineering attacks, which can leave victims in real financial or legal difficulty.
To avoid falling victim to stolen credentials, here are some tips to make your passwords as secure as possible.
Ideally, your password should be at least 14 characters long, with a combination of lowercase and uppercase letters, symbols and numbers.
The worst passwords, which are the easiest to crack, are any variation of ‘password123’, ‘123456’ or ‘administrator’, so stay away from anything generic.
Do not use the names or birthdays of family or friends, or of well-known characters, and try to make it as obscure as possible.
Frustratingly, the best practice is to choose a new password for each site, since reused passwords make even ultra-secure credentials useless if one site is compromised.
Be sure never to share your password with anyone, including friends and family, and never send yourself (or anyone else) your password by email, message or any other form of communication that can be compromised. If you need help remembering your passwords, we suggest physically writing them down somewhere no one else has access to.
Do not reveal your password to anyone who calls or emails claiming to be your bank, a friend or any unknown source. Always call your bank on its official number (which you can find online) before giving out any details.
If you want to use a third party to make sure your credentials are as secure as possible, we have gathered a list of the best password managers. These can be used to keep all your passwords in one place and remove the hassle of having to remember each one.
Along with this, you could use one of the best password generators on the market. These simply generate passwords that are secure and practically impossible to guess, since they are generally produced at random using a set of criteria that makes them a very secure option.