Your password is one of the best ways to tighten security

You probably aren't familiar with the name Ata Hakcil. He's a computer engineering student who recently conducted one of the largest password security surveys currently available.

To conduct his research, he collected a number of username and password "data dumps" from the Dark Web and analyzed the passwords he found there. Hakcil was able to analyze a massive collection of more than a billion passwords, looking for trends and commonalities.

IT security professionals have long known that password security is an area of persistent weakness that leaves companies of all shapes and sizes exposed. Hakcil was able to measure and assess just how bad that problem is. What he found was depressing.

Most used passwords - not good

The most commonly used password in the collection he analyzed was simply '123456,' which appeared in his dataset more than seven million times. It is the most widely used password in the world. Put another way, a staggering 1 person in 142 was found to have used that simple password. As you might suspect, that is laughably easy for a hacker to guess using the simplest of techniques.

In addition to that, Hakcil discovered that the average password length is 9.48 characters, which isn't great. Given the password referenced above, is better than you might have guessed.

Other relevant and intriguing statistics culled from this study

  • Only 12 percent of passwords include a special character
  • 29 percent of the passwords reviewed used alphabet characters only
  • 13 percent used numbers only
  • Given the above, fully 42 percent of all the passwords in the dataset were vulnerable to quick "dictionary-style" attacks that would allow a hacker to gain access with minimal effort.
  • The most common 1000 passwords unearthed by this research accounted for 6.607 percent of the total, which gives hackers a long list of low hanging fruit to work with.
  • With the most common 1 million passwords, the hit rate is 36.28 percent. With the most common 10 million passwords, the hit rate is 54 percent. This makes most networks incredibly easy to breach.

Our perspective

If you're wondering why we keep reading about so many high profile data breaches month after month, the results of this research go a long way toward explaining it, and that's unfortunate. And here's a way to deal with passwords.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~

 

By Denis Wilson and Melissa Stockwell

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT SupportI'm Denis Wilson, President and Principal Consultant for DWP Information Architects. We build people / process / technology solutions to create better business outcomes for smaller enterprises in Los Angeles. We have created cost-effective office productivity and out-sourced service solutions for over 20 years, focusing principally on manufacturing and healthcare.  Our hallmarks are reliability, cybersecurity, and regulatory compliance.

I am also a published author and speaker, working extensively with business and professional associations to provide small business technology education programs.

Contact me if you would like me to speak at your association