Password security has long been a thorn in the side of IT security professionals. It's easy enough to understand why. Passwords are inconvenient from the user's perspective, so users keep them as simple as possible in order to remember them. On the other hand, IT security staff keep warning users that if their passwords are too simple, guessing them is a trivial task for an attacker, and a single guessed password can be enough to breach the system.
That's why, despite periodic warnings, we still see passwords like "password" or "123456," and why so many people still use birth dates and the names of pets. Unfortunately, there doesn't seem to be an easy fix for that.
To understand the scope and scale of the problem, the National Cyber Security Centre tracks password habits and has some bad news to report:
Even now, when almost everyone knows better, statistics indicate that some 15 percent of people use the names of their pets as passwords, and 14 percent use the name of a family member. 13 percent are prone to use birth dates or anniversaries, and 6 percent gravitate to their favorite sports team.
The big problem, of course, is that none of this information is secret. Little skill is needed: anyone who spends a few minutes on a target's social media profiles can collect pet names, family names, birth dates and favourite teams, and then try those values and their obvious variants against the account. Where such details are used as passwords, the break-in is just as easy as the research.
In terms of current best practices, the National Cyber Security Centre in the UK recommends not using any of the above. Instead, create a password for every site that requires a logon by combining three randomly selected words, adding special characters, capital letters and numbers where the site allows or requires them.
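The following is an added example, not code from the NCSC or from the original post, showing why the three-random-words approach works and how to apply the survey's findings as a check. It generates a passphrase with the operating system's cryptographic random source, computes the entropy of three words drawn from a list of a given size (3 * log2 of the list size, which is why the list must be large), and flags candidate passwords that match the weak patterns the article describes. The wordlist and the set of common passwords are constructed for the demonstration; a real generator would use a published list of several thousand words.

```python
"""Three-random-words passphrase generation plus a check for the weak patterns
the article describes. Added example; not NCSC code and not from the original post."""
import math
import secrets

# Constructed demo wordlist (32 words). A real deployment would draw from a large
# published list (several thousand words); this short list exists only so the
# example runs offline. With 32 words, three picks give just 3 * log2(32) = 15 bits.
WORDLIST = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garden", "harbor",
    "island", "jacket", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
    "quiver", "river", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "bridge", "canyon", "desert", "forest", "glacier", "hollow", "jungle",
]

# Constructed sample of the common passwords the article mentions.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def three_random_words(wordlist=WORDLIST, count=3, separator="-"):
    """Build a passphrase from `count` words chosen uniformly at random.

    secrets.choice uses the operating system's CSPRNG, which is what a password
    generator needs; random.choice is seeded predictably and must not be used here.
    Words are drawn with replacement, so repeats are allowed and the entropy
    figure from passphrase_entropy_bits() (count * log2(len(wordlist))) is exact.
    """
    if len(wordlist) < 2:
        raise ValueError("wordlist too small to generate a passphrase")
    return separator.join(secrets.choice(wordlist) for _ in range(count))


def passphrase_entropy_bits(list_size, count=3):
    """Entropy in bits of `count` words drawn uniformly from a list of `list_size` words."""
    if list_size < 2 or count < 1:
        raise ValueError("need at least two words and one pick")
    return count * math.log2(list_size)


def weaknesses(password, personal_tokens=(), common=COMMON_PASSWORDS):
    """Return the reasons a candidate password matches the patterns the survey warns about.

    personal_tokens is the information an attacker could lift from social media:
    pet names, family names, birth years, team names. Tokens shorter than three
    characters are ignored to avoid false positives on incidental letters.
    An empty result means none of these checks fired; it is not proof of strength.
    """
    lowered = password.lower()
    reasons = []
    if lowered in common:
        reasons.append("on common-password list")
    for token in personal_tokens:
        t = token.lower()
        if len(t) >= 3 and t in lowered:
            reasons.append(f"contains personal detail '{token}'")
    return reasons


if __name__ == "__main__":
    phrase = three_random_words()
    print(phrase, f"({passphrase_entropy_bits(len(WORDLIST)):.1f} bits from this demo list)")
    # 7776 = 6**5, the size of diceware-style lists rolled with five dice.
    print(f"{passphrase_entropy_bits(7776):.1f} bits from a 7776-word list")
    print(weaknesses("Fluffy1984!", ["Fluffy", "1984", "Arsenal"]))
```

The entropy function is the part worth internalising: three words from the 32-word demo list give only 15 bits, while three words from a 7776-word list give about 38.8 bits, and the words themselves add nothing if they are chosen by a person rather than by the CSPRNG. The `weaknesses()` check is deliberately narrow; it catches exactly the habits the survey measured, and should sit alongside, not replace, a check against a large breached-password list.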
It's excellent advice, and the next time you send another missive to your employees regarding password security, it's well worth sharing.