


No more password buck-passing!

Editorial Type: Opinion     Date: 05-2016








Do weak passwords keep you awake at night? David Hald of SMS PASSCODE and Dan Evans of VCW Security explain just why they should, in a follow-up to our feature last issue.

Last September - as most will be aware - a group of hobbyist hackers announced they had cracked 11.2 million user passwords from the troubled dating website Ashley Madison. Adding insult to injury, the group, called Cynosure Prime, went on to publish the top 100 passwords. Revealing the site's users as technologically inept, as well as morally questionable, the list included '123456' in the top spot, followed by '12345' and 'password'. I don't think even more obscure ones, such as 'secret' and 'affair', would give your average hacker sleepless nights.

A few years ago, anti-hacking software company Imperva analysed 32 million passwords that had been stolen by an unknown hacker from RockYou, a company that makes social media software. They found that over 1% of the 32 million people had used '123456'. Despite knowing about the dangers of cybercrime, people can still be pretty blasé about their security.

PASSWORDS - EASY TO CRACK
People use passwords that are easy to remember. And they will use that password over and over again, for personal and work use. And it is this that causes a massive security headache for employers. Given that user names are usually company email addresses, hackers might start with a 'dictionary attack' to guess the password, which often succeeds because people tend to use short, commonly used passwords. Brute force hacks are another commonly used tactic. A computer cluster has recently been unveiled that can process as many as 350 billion guesses a second - it can try every possible Windows password in the typical enterprise in under six hours.

JUST ONE WEAK PASSWORD IS ALL THAT IT TAKES
More than 75% of hacks involve weak or stolen passwords. In a 2014 security report, it was discovered that five out of six large enterprises had been targeted by advanced attackers, a 40% uplift on the year before. It's not just big companies - 31% of total attacks were directed at SMEs.

Although lots of organisations now use other methods, like token-based authentication, many still rely on user-generated passwords to secure company systems. So, for many, the fact that they are only as secure as their users' weakest password is painfully true.

MULTI-FACTOR AUTHENTICATION
Multi-factor authentication (MFA) is the only way for IT managers to secure remote working operations. MFA uses a number of variables to validate a user's identity - for example, their connection, their geographic location or time of day. Each time a user logs in, a one-time passcode is generated in real time and sent to their mobile. It's not a question of 'if' organisations need MFA - in a world where passwords can be as pathetically weak as '12345' and hacking strategies are becoming increasingly sophisticated, the question is: can they afford not to?

By David Hald, Chief Relationship Officer at SMS PASSCODE and Dan Evans, Multi-Factor Authentication Specialist at VCW Security

www.smspasscode.com

www.vcwsecurity.com
