A recent study by computer engineering student Ata Hakcil analysed username and password combinations that leaked online after data breaches at various companies. The study looked at roughly 1 billion passwords leaked over the past decade and found that 1 in every 142 of them is “123456”.
Attackers feed such passwords, together with the public wordlists hosted on GitHub and the list of most common passwords maintained on Wikipedia, into automated guessing once they know a username or email address. Strictly speaking, trying a short list of popular passwords against many known accounts is password spraying (a dictionary attack); credential stuffing proper replays username and password pairs leaked from one service against other services, betting on reuse. Both work for the same reason: people choose predictable passwords and reuse them.
All passwords should be as strong as the underlying system allows, and many organisations still require them to be changed at least every 3 months. Note that NIST SP 800-63B now recommends against forcing users to change passwords on a fixed schedule, because it pushes them toward predictable variations of the old one; a change should instead be forced whenever there is evidence of compromise. The secure use of password managers is highly encouraged, since they make long, unique passwords practical.
Agilient recommends that organisations that rely solely on passwords to authenticate their users should enforce long passwords that are checked against lists of commonly leaked ones, and enable multi-factor authentication so that their applications are being used by the intended audience rather than an interloper who has merely guessed or bought a password.
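As an added example, not part of Agilient's article, the Python below sketches both sides of the advice above: a policy check that rejects short passwords and any password on a common-password list (here a constructed ten-entry sample standing in for a breach-derived wordlist), and a simulation of the password spray from the previous paragraph against a constructed account table. The 14-character minimum, the account names and their passwords are assumptions chosen for illustration.

```python
"""Added example: common-password blocklist check and a spray simulation."""
import hashlib
import re

# Constructed sample of frequently leaked passwords. In practice this set is
# loaded from a breach-derived wordlist (one password per line).
COMMON_PASSWORDS = {
    "123456", "123456789", "password", "qwerty", "12345678",
    "111111", "abc123", "password1", "iloveyou", "letmein",
}

MIN_LENGTH = 14  # assumed policy value for this example


def normalise(password: str) -> str:
    """Reduce trivial variants ('Password1!', 'PASSWORD') to the base word so
    they still hit the blocklist. Leading/trailing non-letters are stripped;
    leet substitutions inside the word (P@ssw0rd) are deliberately not handled."""
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())
    return stripped or password.lower()


def check_password(password: str, username: str = "",
                   blocklist=COMMON_PASSWORDS) -> list:
    """Return a list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if normalise(password) in blocklist:
        problems.append("matches a commonly leaked password")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    classes = sum(bool(re.search(p, password))
                  for p in (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"))
    if classes < 2:
        problems.append("uses a single character class")
    return problems


def store(password: str) -> str:
    """Plain SHA-256 keeps the simulation self-contained; a real verifier
    must use a salted, slow hash such as bcrypt, scrypt or Argon2."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed account table: username -> stored hash.
ACCOUNTS = {
    "alice": store("123456"),
    "bob": store("Password1!"),
    "carol": store("correct-horse-battery-staple-42"),
    "dave": store("qwerty"),
}


def spray(accounts: dict, wordlist) -> dict:
    """Try every word in the list against every account, as a spraying
    attacker would. Returns username -> guessed password for each account
    that fell."""
    candidates = {store(word): word for word in wordlist}
    return {user: candidates[h] for user, h in accounts.items() if h in candidates}


if __name__ == "__main__":
    for user, pw in [("alice", "123456"), ("bob", "Password1!"),
                     ("carol", "correct-horse-battery-staple-42")]:
        print(f"{user}: {check_password(pw, user) or 'ok'}")
    print("spray hits:", spray(ACCOUNTS, COMMON_PASSWORDS))
```

The spray catches only the two accounts whose passwords appear verbatim in the list, while the policy check also rejects bob's "Password1!", because normalisation maps it onto the blocklisted "password". Real attackers apply the same mangling rules, which is why a blocklist check at registration time needs to normalise candidates rather than compare them literally.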
Contact Agilient to discuss how you can ensure your organisation’s password protection is secure.
Author: David Steele, Agilient Consultant

