The list of the worst passwords for 2014 just came out, and it looks like people’s favorite worst passwords are still at the top: ‘password’ and ‘123456’. Other winners (or losers) are ‘12345’ (#3), ‘qwerty’ (#5), ‘abc123’ (#14), ‘football’ (#10), and my favorite, ‘letmein’ (#13).
In my career as an IT professional, I’ve seen many devices like routers, APs and firewalls that have default passwords such as ‘password’, ‘abc123’ and ‘admin’ (curiously, not on the list), but never have I been tempted to leave that password in place once the device goes live. It’s like leaving your house key under the ‘Welcome’ rug in front of the door.
Even though passwords are one of the easiest methods to authenticate, some people just don’t take them seriously. Now, I don’t mean that you should have to memorize a 16-character randomly generated alphanumeric password for every account that you have (though I do know a system administrator who does something like that). Even though having such a strict password policy will dramatically reduce the amount of unauthorized access, it’s just begging for the sysadmin to be flooded with requests for password changes. Giving users free rein to create their own passwords will lead to the above-mentioned passwords, which are begging to get hacked. There is a middle ground that lets users create their own passwords, subject to some complexity requirements.
The complexity requirements usually include having a mix of numbers, characters, symbols, and UPPER and lower case letters. The reason is that this makes the password less likely to be hacked using a dictionary attack. This type of attack involves trying every word in the dictionary, as well as frequently used passwords, like the ones in the top 25 worst passwords of the year. If you have any of the passwords on that list, you’ve got an increased chance of getting your account broken into.
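Here is one way to enforce that middle ground when a user sets a password. This is an added example, not code from the original post; the minimum length of 8, the function names, and the substitution table are assumptions. It goes slightly beyond the text by also rejecting listed passwords that have only been padded or lightly disguised, since those can pass the character-mix rules.

```python
import string

# Passwords named in this post (worst-of-2014 entries plus device defaults).
COMMON = {"password", "123456", "12345", "qwerty", "abc123",
          "football", "letmein", "admin"}

MIN_LENGTH = 8  # assumption: the post does not give a minimum length

# Assumed normalisation table: undo common character swaps before lookup.
SWAPS = str.maketrans("0134578@$", "oieastbas")


def base_word(password):
    """Lower-case, strip padding digits/symbols, undo simple substitutions."""
    lowered = password.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    return stripped.translate(SWAPS)


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    # The character mix described above: numbers, symbols, upper and lower case.
    classes = {
        "lower-case letter": any(c.islower() for c in password),
        "upper-case letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += ["missing " + name for name, ok in classes.items() if not ok]
    # Dictionary check: exact match first, then the normalised base word.
    if password.lower() in COMMON or base_word(password) in COMMON:
        problems.append("based on a commonly used password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for candidate in ["password", "Password1!", "L3tme1n!", "Tr4il-Mix&Maps"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```
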
Sure, there are other ways to authenticate besides passwords. Laptops and mobile devices now have fingerprint readers, facial recognition software, and even the popular smart card readers. However, these are all things you cannot customize yourself. Your fingerprints will not change much over your lifetime, and neither will your face. Maybe that’s a good thing, but if such an authentication method gets compromised, it could become a liability. Passwords, on the other hand, are easily replaceable, can be made to fit the user, and ultimately they are the last line of defense in cybersecurity.
At TRA consulting, our philosophy is to be proactive when it comes to desktop and network security. We combine endpoint tools which can monitor, alert, patch, script, and provide remote support. All these tools and more can help you keep your computer and network safe at a fraction of the price of a full-time IT staff. We have many satisfied customers in the Long Beach, Orange County, Southbay, Greater Los Angeles Area, San Diego, Arizona, and Midwest.
Our motto is “Maximum Satisfaction, Minimum Fuss”. Call us today for a free consultation!