CHINA, 22 JANUARY 2010 -- It's time for everyone to take password security seriously: it is an important first step in data security. This is apparent from the findings of a newly released study by data security specialist Imperva, which analysed 32 million passwords recently exposed in the Rockyou.com breach. In this case, the cyber criminal broke in and posted the full list of passwords on the Internet, showing how easy it is to break into consumers' private information.
Most consumers find it hard to come up with complicated, hard-to-crack passwords, and this results in security breaches across the world. Consumer Password Worst Practices, a new report from Imperva's Application Defense Center (ADC), seems to confirm this.
Avoid common passwords
In an attempt to analyse the strength of real-world passwords, the researchers from Imperva studied about 32 million of them. The results help both consumers and website administrators avoid the most common passwords when creating online accounts.
One should be especially careful when selecting passwords for social networking or e-commerce sites. Imperva's report shows that about 30 per cent of consumers use short passwords of six or fewer characters.
The majority of people (60 per cent) don't use a mix of alpha-numeric characters, and about 50 per cent of users prefer to log in with very common names. Not surprisingly, '123456' is the most common password among Rockyou.com account owners.
Recommendations from Imperva
According to Imperva's CTO Amichai Shulman, people should understand that a poor choice of password amounts to inviting a hacker to access one new account every second. People should be most careful when designing passwords for important sites such as banking.
Turning a sentence into a password is a good idea, and Imperva also suggests using a different password for every site. Write all the passwords down on a piece of paper so they are handy when needed, and never reveal them to a third party.
Administrators should enforce a strong password policy and ensure that passwords are not stored in clear text. They should use a password change policy and allow passphrases instead of passwords.
Imperva suggests that all passwords should be at least eight characters long and should contain a mix of upper case letters, lower case letters, numbers, and special characters (for example !@#$%^&*).
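The administrator-side recommendations above (minimum length, character mix, passphrases, no clear-text storage, rejecting common passwords such as '123456') as an added Python example; this is not Imperva's code. The common-password list is a constructed sample, and the 20-character threshold at which a passphrase is exempted from the character-mix rule is an assumption.

```python
import hashlib
import hmac
import os
import string

# Constructed sample of common passwords; a real deployment would load a
# much larger list (e.g. the most frequent entries from a breach dump).
COMMON_PASSWORDS = {"123456", "12345", "123456789", "password", "iloveyou",
                    "princess", "rockyou", "abc123", "qwerty"}

MIN_LENGTH = 8          # Imperva's recommended minimum length
PASSPHRASE_LENGTH = 20  # assumption: long passphrases skip the class-mix rule


def policy_failures(password):
    """Return the list of policy rules the password violates (empty = accepted)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("shorter than %d characters" % MIN_LENGTH)
    if password.lower() in COMMON_PASSWORDS:
        failures.append("appears in the common-password list")
    if len(password) < PASSPHRASE_LENGTH:
        # Short passwords must mix all four character classes.
        classes = [
            ("upper case letter", any(c.isupper() for c in password)),
            ("lower case letter", any(c.islower() for c in password)),
            ("digit", any(c.isdigit() for c in password)),
            ("special character", any(c in string.punctuation for c in password)),
        ]
        missing = [name for name, present in classes if not present]
        if missing:
            failures.append("missing " + ", ".join(missing))
    return failures


def hash_password(password, salt=None):
    """Store a salted PBKDF2-HMAC-SHA256 digest instead of the clear-text password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)
```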
The problem has changed very little over the past 20 years, said Shulman, referring to a 1990 Unix password study that found a password selection pattern similar to what consumers choose today. It's time for everyone to take password security seriously; it's an important first step in data security.