This seems contradictory, don’t use long passwords, use unique complex passwords

Hello folks,

I think this article is a bit contradictory. It's coming from Cybernews and is titled "Long passwords won't protect your accounts" | Cybernews.

After analyzing 1.8 million breached administrator credentials, 40,000 admin portal accounts used the term ‘admin’ for their passwords, and only 50% of organizations assess systems monthly for compromised credentials, according to the report.

Let's take this and break it down. "admin" is 5 characters long, has been used in passwords to get into systems for many, many years, and is well known. The next paragraph says:

The most common compromised password in KrakenLab’s newest list of breached credentials was the combination ‘123456.’

Again, that is 6 characters and has been used by people for a long time. But people have also used passwords like 123456789, which is 9 characters but is still an easy-to-guess password because it doesn't have anything unique to it.

It's time to give up passwords altogether. I've asked my podcast hosts what they would do, if they were to use "password", to make it different. This paragraph says:

Passwords that contained the word pass or wrote the word password (P@ssw0rd or Pass@123) that were just “complex” enough to pass the Active Directory’s basic rules were also common.

But the article here is saying that while this is good, it's time to give it up because it is a common tactic.

My goal was not to have this as a common tactic; my goal was to see what people would do to make it stronger. Although I didn't intend to say to use the combination, you could use it in other ways, but not alone.

Verizon concludes that nearly half of all data breaches involve stolen usernames, passwords, and other credentials, the report claims.

If that's the case, it doesn't matter how long the password is: if it's breached and not hashed and salted, we're in trouble. As we've talked about numerous times, we continue to see articles about passwords that have been stored in databases in plain text. If your 16-character password is in plain text in said database, that's it! It's over!

“Long passwords hashed with MD5 and bcrypt can take millions of years to crack – but password reuse can render them immediately compromised,” the report states.

Yes, hashing can be valuable, but password reuse is what is going to kill you the most, even with that 16-character password that was found in plaintext.
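To make the two points above concrete (a password can pass length and complexity rules and still be a known-compromised one, and salted hashing does nothing for you once the plaintext has leaked through reuse), here is an added example. It is not code from this post or from the Cybernews report. It assumes an approximation of the classic Active Directory complexity rule (three of four character classes, minimum eight characters), a small constructed list of compromised passwords built from the examples the post mentions, and PBKDF2-HMAC-SHA256 from Python's standard library standing in for the MD5/bcrypt hashing the report talks about.

```python
import hashlib
import hmac
import os
import re
from typing import Dict, List, Optional, Set

# Constructed sample of compromised/common passwords, drawn from the examples
# discussed in the post. A real deployment would check against a full
# breached-password corpus, not this handful.
BREACHED_PASSWORDS: Set[str] = {
    "admin", "123456", "123456789", "password", "P@ssw0rd", "Pass@123",
}


def meets_ad_complexity(password: str, min_length: int = 8) -> bool:
    """Approximation (an assumption of this example) of the classic Active
    Directory rule: at least min_length characters and three of the four
    classes upper, lower, digit, symbol."""
    if len(password) < min_length:
        return False
    classes = [
        re.search(r"[A-Z]", password),
        re.search(r"[a-z]", password),
        re.search(r"[0-9]", password),
        re.search(r"[^A-Za-z0-9]", password),
    ]
    return sum(1 for c in classes if c) >= 3


def is_compromised(password: str, breached: Set[str] = BREACHED_PASSWORDS) -> bool:
    """True when the exact password is already in the compromised list."""
    return password in breached


def evaluate_password(password: str) -> Dict[str, bool]:
    """Length/complexity alone is not enough: a password is acceptable only if
    it is complex AND not already known to be compromised."""
    complex_enough = meets_ad_complexity(password)
    compromised = is_compromised(password)
    return {
        "complex": complex_enough,
        "compromised": compromised,
        "acceptable": complex_enough and not compromised,
    }


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = 600_000) -> str:
    """Salted PBKDF2-HMAC-SHA256. A fresh random salt per user means the same
    password produces different stored values for different accounts."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; constant-time compare."""
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def reuse_exposure(leaked_plaintext: str, records: Dict[str, str]) -> List[str]:
    """Defender's view of the reuse problem: given one plaintext recovered from
    some other breach, which of our (properly salted and hashed) accounts does
    it unlock? Salting did not help those users; the plaintext was reused."""
    return sorted(user for user, stored in records.items()
                  if verify_password(leaked_plaintext, stored))


if __name__ == "__main__":
    for pw in ["admin", "123456789", "P@ssw0rd", "correct-horse-battery-staple-2024"]:
        print(pw, evaluate_password(pw))
    # Constructed accounts: two of them reused the same password.
    accounts = {
        "alice": hash_password("Summer2023!"),
        "bob": hash_password("Summer2023!"),
        "carol": hash_password("different-one-9"),
    }
    print("unlocked by a leaked 'Summer2023!':", reuse_exposure("Summer2023!", accounts))
```

The point the output makes is the one the post makes: "P@ssw0rd" passes the complexity check and fails the compromised check, "123456789" is nine characters and fails both, and the two accounts that reused "Summer2023!" are opened by a single leaked plaintext even though each was stored with its own salt. The check against a compromised list is the one that catches what length and complexity rules miss.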

Again, the article is "Long passwords won't protect your accounts" | Cybernews. What do you think? Is it contradictory, or is it sound?
