My Password Is My Password
C. Edward Brice - January 28th, 2010
Education is still key to IT security. Just look at users’ passwords. The New York Times reported last week on a study that exposed the overwhelming simplicity of users’ password choices.
According to the study, which was conducted by Imperva, 20 percent of Web users choose a very simplistic password that can be easily guessed — such as “123456.” The Imperva study looked at a list of 32 million passwords that an unknown hacker stole last year from a company involved in developing software for social media sites like Facebook and MySpace.
The study found that nearly 1 percent of these 32 million people had used “123456” as a password. The second most popular password was “12345.” Others in the top 20 included “qwerty,” “abc123” and “princess.”
This means that hackers could easily break into accounts just by automating the top 50 most common passwords. They would likely have amazing success with relatively little effort.
As a user of social networking sites, I understand the appeal of an easy-to-remember password. In fact, I try to use the same password as much as possible, because I simply can’t remember too many variations — especially as I get a little older. I like to keep passwords to less than six characters, and I hate it when a password must be eight characters and include both letters and numbers. When this happens, I use my password format fallback.
So, yes, I get it. But now imagine a few thousand of me in your company. What would be so terrible about that? By using simple and common passwords across all of my social networking sites, the bad guys have it easy to steal whatever data I have in my system. But that’s not what they’re interested in. They don’t care about my personal information. What they’re really after is your corporate intellectual property that they can sell or hold for ransom.
I believe the key here is to educate users on the new realities of living in a Web 2.0 world. For every transaction, interaction, and engagement we do on the Web, we must tread carefully as social networking sites and other online channels pose risks to not only your personal information but also to your corporate data. A little education can translate into simple behavioral changes and ultimately, bottom-line savings. By understanding how hackers think and work, employees are more likely to use common sense when choosing their passwords. This simple change could mitigate risk to your data and could save your company untold millions of dollars.