Dangerous Cyber Attack Techniques Part 2
Password Reuse and Weak Passwords
The weak password is far the most common factor resulting in the compromise of networks worldwide
Research has shown than over 80 percent of all data breaches are caused by stolen passwords. And hackers manage to get their hands on passwords mostly by guessing weak account credentials. Considering that the most common passwords of the past several years were 123456 and “password” this fact should not come as such a big surprise.
In addition to relying on easy-to-guess passwords, the risk of password compromise is also increased by password reuse. The classic scenario–one that has happened thousands of times with only minor variations in every instance–begins with the mild data breach of a firm or place of business. The exfiltrated data inevitably contains credentials to the private accounts of clients and perhaps even company personnel. While administrators warn all those at risk that their passwords have been compromised, their warnings can often fall short for a very simple reason. Even if users change their passwords to accounts of the company targeted in the breach, many have used the same password for other unrelated accounts. Knowing the commonality of reusing passwords, hackers still have a use for the stolen data.
Spreading the Danger
Moreover, password reuse and generic, weak passwords add to the overall insecurity of the data sphere. One example of this is the increasingly common hacking technique known as credential stuffing. With the amassed usernames and passwords, hackers can then use a program called an “account checker” to test the collection of credentials against a multitude of websites, including social media platforms and / or online eCommerce sites. Statistically, only 0.1 to 0.2 percent of total login attempts in a well run stuffing campaign result in actual hits. But given the numbers, the successful attempts do provide a nice return.
Once again, user responsibility is key in combating password compromise.
Users need to resist the temptation to use easy-to-remember passwords and create unique credential sets for each of their accounts. Luckily, technological tools such as password managers make this task much easier than it once was. Many web browsers today also offer random password generation which also helps keeps passwords robust and secure.
The entrance onto the scene of two-factor authentication (2FA) has also been a major boost to password security. Adding an additional factor to account logins means that even if a password is stolen, an account can remain secure.