New survey: password choices expose security risks


One widely observed problem in a recent online security survey was the systematic weakness of passwords throughout organizations.

As long as there is value to be gleaned from illegally breaking into computer systems, the threat will never be entirely gone. The recently released Trustwave Global Security Report 2012, which evaluated the current conditions of online security, found a number of different methods through which data could be illicitly accessed. While some are complex, highly advanced methods with equally complex solutions, one widely observed problem was the systematic weakness of passwords throughout organizations, with entire departments placing themselves at risk through generic and easy-to-guess passwords.

The survey’s authors noted that the most widely used password among respondents was “Password1.” Containing upper-case and lower-case letters as well as a number, it fills many systems’ security requirements and is easy to remember. Its prevalence, of course, makes it extremely easy for prospective hackers to guess. The survey-takers found system operators settling for default passwords in many parts of the IT infrastructure, with firewalls and routers likely to have no password, or a generic and unchanging word in place. The survey also identified risk stemming from users employing the same passwords across systems at work and at home, whether the data within was critical or not.
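The gap described above, shown as an added example that is not from the survey or from Trustwave: a typical composition rule accepts “Password1,” while a check against a blocklist of common base words rejects it. The blocklist, the substitution table and all function names are constructed for illustration; a real deployment would load a much larger list of common and breached passwords.

```python
import re

# Constructed sample blocklist (assumption): stands in for a large list of
# common and breached passwords.
COMMON_PASSWORDS = {"password", "welcome", "letmein", "qwerty", "admin"}

# Simple character substitutions people use to "strengthen" a common word.
SUBSTITUTIONS = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s",
                               "@": "a", "$": "s"})

def meets_composition_rule(pw, min_len=8):
    """Typical rule: minimum length plus upper-case, lower-case and a digit."""
    return (len(pw) >= min_len
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)

def base_word(pw):
    """Lower-case, drop trailing digits/symbols, undo simple substitutions."""
    core = pw.lower().rstrip("0123456789!@#$%^&*.?-_")
    return core.translate(SUBSTITUTIONS)

def check_password(pw, username=""):
    """Return the list of reasons to reject pw; an empty list means accept."""
    reasons = []
    if not meets_composition_rule(pw):
        reasons.append("fails composition rule")
    if base_word(pw) in COMMON_PASSWORDS:
        reasons.append("base word is a common password")
    if username and username.lower() in pw.lower():
        reasons.append("contains the username")
    return reasons

if __name__ == "__main__":
    # Constructed candidates: the first two satisfy the composition rule
    # and are still rejected by the blocklist check.
    for candidate in ("Password1", "P@ssw0rd!", "correct-Horse-7-battery"):
        print(candidate, meets_composition_rule(candidate),
              check_password(candidate))
```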

Weakness does not mean passwords as a system are doomed or need to be replaced. At the RSA Conference 2012, online security expert Dan Kaminsky affirmed the strength of proper password technology usage. TechTarget reports that Kaminsky remained unconvinced that technology such as biometric authentication is ready to replace passwords, emphasizing that a fingerprint scanner is easier to fool than a well-chosen password.

“You know what’s amazing about passwords? They totally work,” Kaminsky told the conference audience, the source reports. “The fundamental ‘win’ of a password over other technologies is its utter simplicity and mobility.”

Users can gain the benefits Kaminsky describes while negating the risk from the Trustwave survey by selecting better passwords. Careful users, especially those with password manager software, are able to put up a key barrier between themselves and outside attackers. Keeping a variety of hard-to-guess passwords and changing them frequently is not simply a good idea; it can be the difference between a safe and unsafe system. Guessing “Password1,” typing it in and accessing private information takes seconds and requires no illicit software at all. Giving hackers such an opportunity is a critical mistake.