
What is your password??





123456. qwerty. password. We’ve all done it. Despite constantly being told to mix up our passwords and include everything from capital letters to hieroglyphics (well, not quite) we’re still using predictable patterns that hold the key to our entire online lives. 


A research study carried out by Keeper Security has revealed the most common passwords used in 2017.

The data, collected from 10 million passwords included in data breaches that happened in 2016, highlighted some interesting facts:

  • Nearly 17% of users are using the password ‘123456’ to safeguard their accounts. 
  • The top 25 passwords of 2016 account for over 50% of the 10m passwords that were analyzed.
  • 4 of the top 10 passwords are six characters or shorter.

These statistics are worrying, and show that the list of most frequently used passwords is not changing. A six-character password can be cracked in seconds. Most users are not taking the time or effort to protect themselves and secure their passwords, so it is up to website operators to enforce a password complexity requirement.

Another recently released study shows that it’s not just common passwords that are causing security problems, it’s password sharing too. The LastPass Sharing Survey said that a huge 95% of respondents share up to 6 passwords with others. But what’s being shared, and with whom?


In some cases, password sharing is unavoidable. In the workplace, passwords often need to be shared for emergencies, shared team accounts or to delegate work. At home, spouses frequently share passwords for financial and utility accounts. The biggest problem is that 59% of people are re-using passwords. Using the same password for more than one login can be extremely dangerous, particularly if your password is shared: the other person could immediately have access to multiple accounts that you did not intend them to. It’s important that passwords are only shared with trusted persons and that a password is changed after the person it was shared with has used it.

So if millions of users are still getting passwords wrong, how can you ensure that next time you choose a password you get it right?

  • Don’t use a password with any personal information, e.g. date of birth, names etc. 
  • Don’t use dictionary words. Once a piece of hacking software has gone through all the most common passwords it will then start making its way through the dictionary until it eventually finds yours. 
  • Aim for a 10-character password. 6 characters or fewer takes seconds to crack; ensure you have at least 8, but there’s no harm in making it longer.
  • While it is often advised to mix lower- and upper-case letters and to replace letters with numbers or symbols, e.g. p$ssw0rd, such passwords can be easily hacked. Try to think of a sentence instead, turn it into an acronym and do the same, e.g. ‘My first house was number 43’ becomes MfHwn43.

Choosing a secure and hack-proof password is the first step towards ensuring your online life is safe. Don’t make it easy for hackers to gain access to your accounts and be careful who you share your passwords with.
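One way a website operator could enforce the four rules in the list above at sign-up, as an added example that is not part of the original post. The word lists are tiny constructed samples, and `swap_pattern`, `check_password` and the `personal` parameter are names chosen here for illustration.

```python
import re

# Constructed sample lists; a real deployment would load a breached-password
# corpus and a full dictionary instead of these few entries.
COMMON = {"123456", "qwerty", "password"}
DICTIONARY = {"password", "welcome", "dragon", "sunshine"}

# Character swaps to undo. "$" maps to both "s" and "a" because the article's
# own example, p$ssw0rd, uses it in place of "a".
SWAPS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
         "7": "t", "$": "sa", "@": "a", "!": "i"}


def swap_pattern(password):
    """Regex matching every word the password could be a swapped spelling of."""
    parts = []
    for ch in password.lower():
        letters = SWAPS.get(ch, "")
        parts.append("[" + re.escape(ch) + letters + "]")
    return re.compile("".join(parts))


def check_password(password, personal=()):
    """Return the reasons to reject `password`; an empty list means accept.

    `personal` holds strings tied to the account (name, birth year, ...).
    """
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    lowered = password.lower()
    if lowered in COMMON:
        reasons.append("on the common-password list")
    pattern = swap_pattern(password)
    if any(pattern.fullmatch(word) for word in DICTIONARY):
        reasons.append("dictionary word, possibly with character swaps")
    for item in personal:
        if len(item) >= 3 and item.lower() in lowered:
            reasons.append("contains personal information")
            break
    return reasons


if __name__ == "__main__":
    # Constructed inputs; the last one is a longer sentence acronym.
    for pw in ["123456", "p$ssw0rd", "Priya1990x", "MfHwn43", "MfHwn43tbdWg"]:
        print(pw, "->", check_password(pw, ["Priya", "1990"]) or "accepted")
```

The acronym MfHwn43 from the list is seven characters, so the length rule rejects it; a longer sentence produces an acronym that passes.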
