Yesterday morning at the Smart Business Show 2015 in the RDS, Per Thorsheim, founder and main organiser of PasswordsCon, the world's first conference dedicated to passwords, gave a workshop on Perilous Passwords. Here are some of the facts and tips Per shared; several of them may surprise you.
Per once ran a security test at a large company using a simple script that tried just two guesses against every account: the company's own name and the word "password". Out of 40,000 employees, one had chosen "password", and that person was a system administrator. What makes it more shocking is not that a system administrator had a weak password, but that the company was a Fortune 50 company.
Passwords and PIN codes are one of the world's biggest pains, and on average they have to be changed every 30 days. Software engineers are usually handed the job of designing a company's password rules, but this should be done by somebody skilled in usability, because rules people cannot live with are rules people work around.
Personal information is nearly always used as part of a password or passcode. This could be something obvious such as your date of birth or a loved one's name.
Try it yourself: write down a 4-digit passcode that you will still remember in a month. Chances are it will be your year of birth. You do this instinctively, because it is a 4-digit number you can recall instantly, and it is also one an attacker can guess from a quick look at your social media profile.
If you are forced to change your password every 30 or 60 days you will not be creative: you will choose "password1", then "password2", or something else just as easy, so the policy ends up lowering security rather than raising it.
A better policy is to require a password of 14 or more characters and change it only once a year. Use a sentence as a password, because it is long and easy to remember. Song lyrics or a movie quote work well, as long as they are not something a cybercriminal can easily tie to you. How many cybercriminals know the words to "Oro, se do bheatha 'bhaile", a traditional Irish song?
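The two ideas above, Per's two-guess scan of a company's accounts and the password patterns that forced rotation produces, can be turned into a small audit. The script below is an added example written for this article, not Per's script or anything from the workshop. It assumes a hypothetical company name (ExampleCorp), a constructed credential store that uses plain SHA-256 so the example runs offline (a real store should use a slow salted hash such as bcrypt or Argon2), and the 14-character, once-a-year policy from the talk as its threshold.

```python
"""Added example: a weak-password audit in the spirit of the workshop.

Two checks are shown:
  1. A company-wide guess check like the one described: hash a handful of
     obvious candidates (the company name, the word "password", and the
     digit-suffixed variants people produce under forced rotation) and look
     for matches in a credential store.
  2. A per-user policy check that flags the patterns discussed (company
     name, "password", the previous password with its number bumped, a
     short password instead of a sentence) and year-like 4-digit PINs.
"""
import hashlib
import re
from datetime import date

COMPANY_NAME = "ExampleCorp"   # hypothetical company name (assumption)
MIN_SENTENCE_LENGTH = 14       # the 14+ character, once-a-year policy from the talk


def obvious_candidates(company=COMPANY_NAME, max_suffix=3):
    """Build the guess list: company name, 'password', and digit-suffixed variants."""
    stems = {company, company.lower(), "password", "Password"}
    candidates = set(stems)
    for stem in stems:
        for n in range(1, max_suffix + 1):
            candidates.add(f"{stem}{n}")
    return sorted(candidates)


def sha256_hex(text):
    """Unsalted SHA-256, used only so the constructed store runs offline."""
    return hashlib.sha256(text.encode()).hexdigest()


def find_weak_accounts(store, candidates):
    """Return {username: guessed_password} for every stored hash that matches a candidate."""
    lookup = {sha256_hex(c): c for c in candidates}
    return {user: lookup[h] for user, h in store.items() if h in lookup}


def is_increment_of(previous, new):
    """True when `new` is `previous` with its trailing number bumped by one (password1 -> password2)."""
    m_new = re.fullmatch(r"(.*?)(\d+)", new)
    if not m_new:
        return False
    m_prev = re.fullmatch(r"(.*?)(\d+)", previous)
    prev_stem, prev_n = (m_prev.group(1), int(m_prev.group(2))) if m_prev else (previous, 0)
    return m_new.group(1) == prev_stem and int(m_new.group(2)) == prev_n + 1


def looks_like_year(pin, today=None):
    """Flag 4-digit PINs that fall in a plausible birth-year range."""
    today = today or date.today()
    return bool(re.fullmatch(r"\d{4}", pin)) and 1900 <= int(pin) <= today.year


def audit_password(password, previous=None, company=COMPANY_NAME):
    """Return a list of policy findings; an empty list means nothing obvious was spotted."""
    findings = []
    low = password.lower()
    if low.startswith(("password", company.lower())):
        findings.append("built from the word 'password' or the company name")
    if previous and is_increment_of(previous, password):
        findings.append("previous password with the number incremented")
    if len(password) < MIN_SENTENCE_LENGTH:
        findings.append(f"shorter than {MIN_SENTENCE_LENGTH} characters; a sentence or lyric is longer and easier to remember")
    return findings


if __name__ == "__main__":
    # Constructed credential store: four users, one of them an admin using "password".
    store = {
        "alice": sha256_hex("correct horse battery staple"),
        "bob": sha256_hex("ExampleCorp2"),
        "sysadmin": sha256_hex("password"),
        "carol": sha256_hex("Oro se do bheatha bhaile"),
    }
    print(find_weak_accounts(store, obvious_candidates()))
    print(audit_password("password2", previous="password1"))
    print(looks_like_year("1987"))
```

The guess list is deliberately tiny; the point of Per's test was that you do not need a large dictionary to find an administrator with "password", only a few guesses applied to every account. Keeping a small, targeted list like this as a pre-check before users can set a password catches the same accounts before an attacker does.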
When it comes to the psychology of passwords, women tend to choose longer passwords, while men prefer a wider selection of characters. People in the I.T. department, such as system administrators, often use simple passwords precisely because they are looking after so many of them.
Two years ago the Associated Press (AP) Twitter account was hijacked, and within minutes the Dow Jones index dropped sharply, briefly wiping roughly 136.5 billion dollars off the markets. The Syrian Electronic Army was behind it, and all it took was a single tweet from the compromised account, which you can see below.
If something similar happened to your business, what would it mean for you and your customers? Even if you think your business is not worth hacking, attackers will still target you, because your account is an outlet for posting their political message. All it takes is a basic password.