Each year for the past several years the password-management-software firm, SplashData, has released a list of the most common passwords found in data dumps leaked online of passwords stolen during the past year.

The list for 2015 reveals a lot about how people pick passwords, and provides a wake-up call for people working in information security departments – including those studying for certification exams – as to how much training and education is needed when it comes to passwords, how badly the world needs better designed and implemented password policies, and how strongly many organizations need technology to enforce such policies.

Here is the list of the most common 25 passwords of 2015 as found in the various lists of passwords that leaked online after breaches:

I analyzed the list in detail in a piece that appeared in Inc. But in addition to the specific analysis that I provided for a general audience in that article, there are some important points of which people studying for certification exams should take a special note:

Policies can be worthless if you do not utilize technology to enforce the policies. By now, policies pretty much everywhere prohibit using passwords like “123456” and “password” – but those two weak passwords are apparently still the most common two passwords in use.

People make the same mistakes over and over. It does not matter how many times you tell them not to use the password “password,” it does not matter how many times using the password “password” has been mocked in the media, and it does not matter how many times accounts with password “password” have been breached by criminals in the past. “Password” is an easy password to remember, and people just don’t care. It is your job as a security professional to ensure security even when people don’t care - and, in many cases, to help make them care.

Beware pop culture trends – In 2015 "solo" and "star wars" became popular passwords due to the release of the new Star Wars movie. There will be other trending topics in 2016 – and there will be plenty of attempts at creating weak passwords based on them as a result. Make sure to educate people accordingly – and to implement technology to prevent problems.

Don’t react to poor passwords by creating policies that cause other password problems. Requirements for longer passwords might have caused “1234567890” to enter the list of top passwords for the first time this year – but that password is hardly strong.

I have written several pieces about setting up proper password policies and selecting proper passwords.
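One way to enforce such a policy in technology rather than on paper is a check run when a password is set. The sketch below is an added example, not code from the article or from SplashData; the function names, the `min_length` default and the tiny sample lists (built only from passwords the article names) are assumptions.

```python
import re
import unicodedata

# Constructed sample lists holding only values named in the article.
# Assumption: production use loads a full breached-password list instead.
COMMON = {"123456", "password", "1234567890"}
TRENDING = {"solo", "starwars"}

# Undo common character substitutions ("p@ssw0rd" -> "password").
LEET = str.maketrans("@401!3$5", "aaoiiess")


def is_sequence(s):
    """True for repeated characters or +/-1 runs such as 1234567890 or fedcba."""
    if len(s) < 4:
        return False
    pairs = list(zip(s, s[1:]))
    if s.isascii() and s.isdigit():
        # Modulo 10 so the 9 -> 0 wrap in "1234567890" counts as a step of 1.
        return {(int(b) - int(a)) % 10 for a, b in pairs} in ({0}, {1}, {9})
    return {ord(b) - ord(a) for a, b in pairs} in ({0}, {1}, {-1})


def check_password(pw, min_length=8):
    """Return the list of policy violations; an empty list means accepted."""
    folded = unicodedata.normalize("NFKC", pw).casefold()
    compact = re.sub(r"[\s\-_.]", "", folded)      # "Star Wars" -> "starwars"
    stem = re.sub(r"[\d\W_]+$", "", compact)       # drop suffixes like "2015!"
    candidates = {compact, stem, compact.translate(LEET), stem.translate(LEET)}

    reasons = []
    if len(pw) < min_length:
        reasons.append("too short")
    if candidates & COMMON:
        reasons.append("common password")
    if candidates & TRENDING:
        reasons.append("trending term")
    if is_sequence(compact):
        reasons.append("sequence or repeated character")
    return reasons


if __name__ == "__main__":
    for sample in ["1234567890", "0987654321", "P@ssw0rd", "Star Wars 2015!"]:
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

A length-only rule accepts all four sample inputs; the sequence and denylist checks are what reject them.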