Password Security Issues

Wednesday, December 15, 2010

Mark Gardner


Since the Wikileaks "cable gate" release hacking, denial of service attacks and in the last couple of days theft of personal data from Gawker and McDonald's to name two, have been all over the press.

When Auditing or giving training I tell people that a lot of things are transferable from the Enterprise to your home computing activities, particularly in the social media arena.

However, for the Gawker account hack, and for the record, yes I was affected and have changed my password, details have been released about the passwords used by those on the site (no mine is not listed):

I am in no way surprised at the passwords, and I use the term very lightly, that people have used.

If anything were the administration passwords any different which enable the encryption to be broken and the passwords stolen?

The article from the Wall Street Journal also gives plenty of detail about lengths of passwords on other sites such as Google.

All this is useful information for the Security professional, and can be used in our daily work. Particularly enforcing password security, at home or at work, we all want simplicity in our passwords to make them easy to remember.

However, even a random set of letters, numbers and special characters become easy to remember when you are typing them into your machine multiple times a day.

Many password policies advocate at least one capital letter, one number and in some cases one special character.

Therefore, Password1! would meet the policy, which isn't strong enough as I'm sure you'll agree.

As I saw written the other day, Password is not a Password, maybe now with these high profile events, people will start to realize this too.

Possibly Related Articles:
Network Access Control
Passwords Authentication WikiLeaks Gawker
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.