The Danger Of Weak And Insecure Passwords Is Growing

Silicon Editorial,
The Danger of Weak and Insecure Passwords is Growing

Password hygiene is important. Since attacks often start by manipulating employees, insecure passwords are a gateway for hackers.

The losses incurred by the German economy due to theft, espionage and sabotage have reached a record level: according to the industry association Bitkom, the total annual damage in 2020/21 has more than doubled to 223 billion euros compared to the same period last year. Blackmail incidents are primarily responsible for this increase: Damage caused by ransomware attacks has more than quadrupled compared to 2018/19 (+358 percent).

A large part of the attacks starts with the manipulation of employees, so-called social engineering. According to Bitkom, criminals exploited the “human factor” as the supposed weakest link in the security chain in 41 percent of German companies to obtain sensitive data such as passwords. This development was favoured by the pandemic-related increased switch to home offices in the last two years.

Passwords are being cracked faster and faster

Weak and insecure passwords are a problem that should not be underestimated.  Hackers are able to crack passwords faster and faster: according to a study by the US software provider Hive Systems, in 2020 a complex eight-digit password could be read in eight hours. Today, this is possible in less than one hour.

The data from Hive Systems is based on how long it would take a hacker to crack a password hash using a first-class graphics card and brute force methods, i.e. trying out all possible cases. A “hash” is an encrypted password version that is reproducible with known hash software. For example, if the word “password” is hashed with MD5 software, it is visible as 5f4dcc3b5aa765d61d8327deb882cf99.

Simple number sequences are particularly popular as passwords

A strong password consists of at least 16 characters – upper and lower case letters as well as numbers and symbols, recommends Dan DeMichele, Vice President at LastPass. Only then it is  suitable “as the first and most important line of defence against cyber attacks”. However, in many places this tip is not taken to heart. According to a study by web.de, almost every second German uses passwords with ten or fewer characters. In addition, many passwords are not secure: 44 percent of those surveyed use personal information – for example, the birth dates of family members, partners or friends, anniversaries or the names or nicknames of children, partners or pets. According to the Hasso Plattner Institute (HPI), the most frequently used sequence of numbers in 2021 was 123456, followed by “password”, 12345 and “hello”.

The reason for this lack of caution: many users are experiencing “password fatigue”, i.e. overwhelmed by more and more passwords that they have to think up and remember in everyday digital life.  It is also fatal that more than half of Germans (52 per cent) use passwords more than once – for online banking transactions, digital administrative procedures, e-mail and social media, for example. Five percent even use the same password for all accounts. If it is cracked, all other accounts are automatically at risk.

A strong and secure password…

  • … consists of special characters, numbers, upper and lower case letters and symbols.
  • … has at least 16 characters. The longer it is, the more time it takes to crack it. This discourages hackers who are looking for a quick win.
  • … is based on multi-factor authentication. Here, hackers have to overcome two security levels before they can access the account.
  • … is created and stored automatically by a password manager. This helps to remember several unique passwords and is more secure than writing them down or storing them in your mobile phone.
  • … only needs to be updated if it has been compromised. This is where the dark web monitoring of password managers such as LastPass can help.

How companies can protect themselves

Not only large companies are a popular target for hackers. Smaller companies also need to strengthen their cyber defences and prepare for potential hacker attacks, warns LastPass expert DeMichele. Among the most important immediate measures, he says, is enabling multi-factor authentication (MFA): “MFA significantly reduces the risk of compromised passwords and provides another much-needed layer of protection against attacks.” Using a tool to create and store passwords also increases their security. According to Hive’s study, it would take hackers 3,000 years to read a 12-digit password created by a password manager.