Many of us think our passwords are uncrackable, even if they’re only simple ones with just a few characters.
But are you among the people using the most commonly compromised online logins?
New research by Specops Software has revealed that ‘password’, ‘research’ and ‘GGGGGGGG’ are often easily cracked by hackers, along with ‘cleopatra’ ‘passwordGG’ and ‘OOOOOOOOOO’.
The phrase ‘new hire’ also appears in the second and third most commonly compromised 15-character passwords, the findings showed.
Specops said this highlighted that IT administrators should avoid predictable, repeatable password patterns when creating accounts for new users.
Concerning: New research by Specops Software has revealed that ‘password’, ‘research’ and ‘GGGGGGGG’ are often easily cracked by hackers, along with ‘cleopatra’ ‘passwordGG’ and ‘OOOOOOOOOO’
The phrase ‘new hire’ also appears in the second and third most commonly compromised 15-character passwords, the findings showed
‘It could also suggest these new users were not forced to change their password and had been using the default ones given to them by IT for some time,’ the Stockholm-based company added.
A key takeaway from the research was that people should make their passwords longer so they are harder to guess and crack through brute force.
This is a technique where cybercriminals use tools to test all possible password combinations through countless login attempts until the correct one is identified.
‘Longer passwords are better,’ said Darren James, senior product manager at Specops Software.
‘And I don’t think that’s news to most IT teams.
‘However, it’s important to understand that equipping users with strong, lengthy passwords isn’t a foolproof way to avoid compromised credentials.
‘Attackers can still find workarounds – and user behaviour can undo a good password policy.’
As part of the research, Specops set out to find the most common length of a compromised password, as well as how many longer passwords were being breached.
They defined longer passwords as anything over 12 characters.
The team analysed more than 800 million compromised passwords from its list of some four billion unique logins and counting.
As they expected, eight character passwords were the most commonly cracked – making up 212.5 million of the total.
What was most eye-opening, however, is that 85 per cent of logins that were compromised were those with passwords under 12 characters.
Despite this, Specops warned that increasing password length is ‘only part of the password security battle’.
‘It’s important to remember that long passwords can still be compromised through phishing and other forms of social engineering,’ the company added in a blog post on its website.
As the researchers expected, eight character passwords were the most commonly cracked – making up 212.5 million of the total
What was most eye-opening, however, is that 85 per cent of logins that were compromised were those with passwords under 12 characters
Warning: This graphic shows that it doesn’t matter how many characters or how complex your password is if it is already one of the known compromised logins
‘The bigger risk is attackers getting their hands on a database of passwords from a less secure website, for example say a hacker gets into an online store.’
Specops added: ‘Even if the passwords are hashed, the attacker has all the time in the word to try and crack them, and then figure out who those people are and where they work.
‘If any of those passwords have been reused at work, it’s an easy route into the employee’s organisation.
‘This is why password reuse can be a major Achilles heel of what could be an otherwise strong password policy.
‘An organisation might enforce end users to use longer, strong passwords at work, but there’s nothing stopping people reusing those passwords on personal applications and devices with weak security or on unsecure networks.’
An IBM report in 2021 revealed that the average global cost of a data breach is now $4.24 million – 10 per cent higher than 2020.
