According to new research, hackers can guess passwords too easily, posing a major threat to online security.
The problem begins when hackers guess passwords and obtain access to private information. The problem continues when hackers access accounts by exploiting security shortfalls such as when the individual being hacked uses passwords that contain personal information. Then, the problem intensifies when those same passwords are used across multiple social, email, business and online bank accounts.
The authors of the study, a collaboration between Lancaster University’s School of Computing and Communications and Fujian Normal University’s School of Mathematics and Computer Science, stated that this approach used by hackers is a threat that is highly underestimated. Here is a link to their study.
Professor Ping Wang, the corresponding author of the paper, added that when hackers guess passwords it becomes a “serious security concern.”
“A large number of passwords can be guessed if personal information is known to the attacker. This is especially true if they know passwords from other accounts owned by the potential victim,” says Wang.
This is especially true for two reasons, he went on to explain. One, there are large amounts of personally identifiable information easily accessible to cybercriminals. This is personal information that in one way or another has become public.
Two, cybercriminals get access to millions of leaked passwords, courtesy of data breaches past and present. If past passwords are still used on other accounts, the individual is just asking for trouble.
“Our results should encourage people to vary the passwords they use on different websites much more substantially. This will make it harder for criminals to guess their passwords,” said Dr. Jeff Yan. In addition, unique passwords (and usernames) should be reinvented often.
“This work should also help inform internet service providers looking to introduce more robust security measures to detect and resist online guessing.” One highly recommended approach is the use of passphrases. Unlike passwords, these tend to be more complex and longer, yet just as memorable. Another option is to type pure gibberish, then write it down and use it, being sure to keep the password stored safely in an online or offline vault.
Thanks to Narinder Purba for the article (found here) on this same topic.