Although it is no secret that significant breaches have occurred, with cybercriminals stealing users' information and passwords from sites like LinkedIn and Yahoo, business users continue to use passwords that do not offer adequate protection, according to a study by Preempt. An article over on Tech Republic goes into detail about the poor password practices of LinkedIn users and just how easily a password can be compromised.
“Last year, LinkedIn revealed that email addresses and passwords of more than 164 million users were stolen in a massive hack in 2012.”
Preempt looked further into the passwords hacked in the 2012 breach, finding that over 63 million LinkedIn users had recycled previously used passwords.
“No matter how complex these passwords may have been, they were still weak, because they could be quickly cracked by matching against a wordlist of known or previously used passwords.”
Preempt also points out that users may not always reuse the exact same password as before, but rather believe that changing the sequence of characters or adding numbers makes the password more secure. Unfortunately, only about 1% of individuals know that passwords often follow patterns which can be tracked and cracked.
Looking at the top 5 passwords used by LinkedIn users in 2012, as reported by LeakedSource, we can see just how insecure these passwords truly were. ZDNet, which reported this information, also included the frequency of each of the top 5 passwords.
123456 (753,305 users)
linkedin (172,523 users)
password (144,458 users)
123456789 (94,314 users)
12345678 (63,769 users)
Following the breach, many users changed their LinkedIn account passwords but did not change their passwords on other sites where they used the same credentials. Most likely, users did not consider that if their LinkedIn accounts were compromised, any other accounts using the same passwords could be exposed as well.
Tech Republic also explored an investigation by Preempt into how long it would take to crack passwords of varying complexity (low, medium and high). The findings should not surprise you.
“Low complexity passwords could be cracked in less than a day, while medium complexity passwords were hacked in less than a week. High complexity passwords were cracked in less than a month.”
These findings serve as a good reminder to encourage employees to create complex passwords longer than 10 characters. Employees should steer clear of the common uppercase, lowercase, special character and digit (ULSD) patterns and ensure passwords are changed frequently.
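The two weaknesses the article describes, a "new" password that is really an old one with digits or symbols bolted on, and a password built on the common ULSD pattern, can both be caught at password-change time. The following is an added example written for this page, not code from Preempt, Tech Republic or LinkedIn: it reduces a candidate password to its root (lowercased, leading/trailing digits and symbols stripped, simple letter substitutions undone) to detect trivial variants of previous passwords, collapses the password into its ULSD mask to flag the predictable patterns, and compares against a breached-password list. The breached list here is constructed from the page's top-5 entries; a real deployment would use a full breach corpus, and the helper and threshold names are this example's own.

```python
import re

# Constructed breached/common-password list: the page's top-5 LinkedIn passwords.
# A real policy check would load a large breach corpus instead.
BREACHED = {"123456", "linkedin", "password", "123456789", "12345678"}

# Letter substitutions users apply to "strengthen" a reused password (assumed set).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# ULSD masks (runs collapsed) that dominate leaked password sets (assumed set).
COMMON_MASKS = {"ULD", "ULDS", "LD", "LDS", "ULS", "UL", "LS", "D"}


def ulsd_mask(pw: str) -> str:
    """Map each character to U/L/S/D and collapse runs: 'Summer2017!' -> 'ULDS'."""
    classes = []
    for ch in pw:
        if ch.isupper():
            c = "U"
        elif ch.islower():
            c = "L"
        elif ch.isdigit():
            c = "D"
        else:
            c = "S"
        if not classes or classes[-1] != c:
            classes.append(c)
    return "".join(classes)


def root(pw: str) -> str:
    """Strip the decorations bolted onto a reused password so that
    'Summer2017!' and 'summer16' both reduce to 'summer'."""
    s = pw.lower()
    s = re.sub(r"^[^a-z]+|[^a-z]+$", "", s)   # drop leading/trailing digits and symbols
    return s.translate(LEET)                  # undo P@ssw0rd-style substitutions


def check_new_password(candidate, previous, breached=BREACHED, min_len=11):
    """Return a list of policy violations for a proposed password (empty = accepted).
    min_len=11 reflects the page's 'longer than 10 characters' guidance."""
    problems = []
    if len(candidate) < min_len:
        problems.append(f"shorter than {min_len} characters")
    r = root(candidate)
    if candidate.lower() in breached or r in breached:
        problems.append("matches a known breached/common password")
    # Only compare roots that still contain letters; all-digit passwords reduce to ''.
    if r and any(r == root(old) for old in previous):
        problems.append("trivial variant of a previous password")
    mask = ulsd_mask(candidate)
    if mask in COMMON_MASKS:
        problems.append(f"uses the common {mask} pattern")
    return problems


if __name__ == "__main__":
    history = ["summer16"]                      # constructed previous password
    for pw in ["Summer2017!", "P@ssw0rd123", "correct horse battery"]:
        print(pw, "->", check_new_password(pw, history) or "accepted")
```

The root comparison is what defeats the "change a few characters" habit: the check treats a password as reused when its letters match a previous one, regardless of appended years, symbols or substitutions. The mask check complements it by rejecting structurally predictable passwords even when the letters are new.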
According to Ajit Sancheti, CEO and co-founder of Preempt, organizations should always assume there will be one employee that may put their company in jeopardy online.
“Unfortunately, no amount of education can prevent this, so it is important to focus attention and resources on defense.”
Below are 4 recommendations Sancheti makes to enterprises:
Instruct employees to not reuse passwords, ever.
Remind employees to not click on links in emails, unless they are sure they know the sender. They should also not go to any banking or financial site through an emailed link.
Enforce penalties for unsafe or irresponsible actions while using a work device.
Offer continuous education on cyber hygiene.