Even after the high-profile breaches of user information and passwords at Yahoo and LinkedIn in recent years, a new study finds that many companies have been lazy about creating passwords that provide more protection against cyber criminals.
In the previous year, LinkedIn announced that almost 164 million user accounts were hacked in 2012, but according to the original report from the company only 6.46 million accounts were
In a blog post, Preempt explained:
“Users reuse passwords. They rotate them. Add a digit to them. And even use identical or share passwords with others. The problem is that only about 1% of people care and are aware that passwords are based on patterns and these patterns can be tracked or broken.”
Last year, a company named LeakedSource published the passwords most commonly used by LinkedIn users. Here are the top 5 passwords as posted by the company:
- 123456 used by 753,305 users
- LinkedIn used by 172,523 users
- password used by 144,458 users
- 123456789 used by 94,314 users
- 12345678 used by 63,769 users
According to the blog post:
“Their LinkedIn account was breached, so they just change their LinkedIn password, not realizing that if they are using that same password elsewhere, they are actually exposed in all of those places as well. For IT security teams, this is an unknown vulnerability they have to deal with.”
Preempt has also explained how long it would take to crack a password using standard, off-the-shelf cracking hardware. The company has created three password models, as follows:
- Low complexity (can be cracked in less than a day)
- Medium complexity (can be cracked in less than a week)
- High complexity (can be cracked in less than a month)
This should be an alarm for enterprises to prompt employees to improve their password hygiene, including creating passwords that are 10 characters long and avoiding ULSD patterns.
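As an added example (not from Preempt or the original article), here is a minimal password-change check that flags the weaknesses named above: the listed common passwords, fewer than 10 characters, an ULSD layout, and a new password that is only the old one with a different trailing digit. It assumes ULSD means uppercase, lowercase, symbol, digit in that order, and that `previous` holds the old password the user typed at the change prompt; the function names and sample passwords are constructed.

```python
import re

# Top passwords listed in this article, lowercased for comparison.
COMMON = {"123456", "linkedin", "password", "123456789", "12345678"}
MIN_LENGTH = 10  # minimum length recommended in the article

# Assumption: "ULSD" = Uppercase, Lowercase, Symbol, Digit classes in that
# fixed order, e.g. the constructed sample "Summer!2017".
ULSD_ORDER = re.compile(r"^[A-Z]+[a-z]+[^A-Za-z0-9]+[0-9]+$")


def strip_suffix(pw):
    """Drop trailing digits/symbols so 'Winter#2017' and 'Winter#2018' compare equal."""
    return re.sub(r"[^A-Za-z]+$", "", pw).lower()


def check_password(candidate, previous=()):
    """Return a list of hygiene findings; an empty list means nothing was flagged."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too_short")
    base = strip_suffix(candidate)
    if candidate.lower() in COMMON or base in COMMON:
        findings.append("common_password")
    if ULSD_ORDER.match(candidate):
        findings.append("ulsd_pattern")
    for old in previous:
        if candidate == old:
            findings.append("reused")
            break
        # Same word with only the trailing digits/symbols changed.
        if base and base == strip_suffix(old):
            findings.append("rotated_variant")
            break
    return findings


if __name__ == "__main__":
    # Constructed sample inputs: (new password, old password or None).
    samples = [("123456", None), ("Password1", None),
               ("Winter#2018", "Winter#2017"),
               ("correct horse battery", "Winter#2017")]
    for new, old in samples:
        print(new, "->", check_password(new, [old] if old else []))
```

Similarity to the old password can only be checked at change time, when the user supplies it; properly hashed password history cannot be compared this way.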
Ajit Sancheti, CEO and co-founder of Preempt, said:
“Enterprises must assume that there is always going to be one employee that may compromise the organization online. Unfortunately, no amount of education can prevent this, so it is important to focus attention and resources on defense.”
Sancheti recommends that enterprises do the following:
- Instruct employees to not reuse passwords, ever.
- Remind employees to not click on links in emails, unless they are sure they know the sender. They should also not go to any banking or financial site through an emailed link.
- Enforce penalties for unsafe or irresponsible actions while using a work device.
- Offer continuous education on cyber hygiene.