Posts

Are you slack about IT security

Yesterday www.boards.ie was hacked and the passwords of the users may be compromised. If users use the same username and passwords on multiple sites, then the hackers may now have access to those other sites. Could they have access to online banking passwords? Possibly.

A couple of months ago I was reading a blog, and the follow-on animated exchange, about the importance of security in accounting software. While I agree with the importance of security, I felt at the time, that the dev elopers had little understanding of how careless users actually are when it comes to security, passwords and backups.

I have often commented on the amount of companies with no password protection on their accounts software, or common words as passwords, or use the pc users name as password, or have the password visible on a post-it stuck up beside the screen.

Well, recent research has shown just how loose password security is.

It seems that in Dec 09, social networking services and customized widget company, Rockyou.com, suffered a data breach. The breach included millions of people’s email addresses and passwords for Rockyou.com (and in many cases passwords and login details for associated social networking sites). The hacker responsible for the attack subsequently posted the full list of passwords on the internet.

You will end up with a lot of passwords and you will need something to help you manage them. I use a piece of software to store all of my different passwords. It’s a password manager called eWallet. Another free package is keepass. And remember you need to be careful how you use these!

So now, what passwords are you using for the various software and websites you use. Are they secure enough? Do you need to change them. Go on – do it now!

The compromised password and login data was examined by US-based security company, Imperva Application Defense Center (ADC). The data provides valuable insights into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. What’s good about this is the number of real-world passwords the analysts were able to examine .

There report is available here – http://www.imperva.com/ld/password_report.asp

A full analysis of the 32 million Rockyou.com passwords show the most commonly used passwords are:
1. 123456
2. 12345
3. 123456789
4. Password
5. iloveyou
6. princess
7. rockyou
8. 1234567
9. 12345678
10. abc123

Its amazing, isn’t it. And to think of all of the effort the IT developer puts in to improve security and then see users undermine all that by careless selection of passwords.

So what should you be doing? To keep your accounts safe, NASA recommends adhering to the following steps when creating a password:

1. It should contain at least eight characters.

/0 Comments/by