A study into data security breaches suffered by both businesses and individuals has shown that many users are unaware of the dangers they face if they fail to choose an adequately robust password for their various accounts. Weak passwords can make all of the data protection software in the world entirely redundant, and it appears that many are still putting their businesses and personal data at risk as a result of this elementary mistake.
Analyst Imperva, the author of the recent study into password use, was encouraged to carry out research into password choices after the social networking software firm RockYou suffered data loss that gave open access to the passwords of over 32 million users.
Imperva has made use of the leaked data in order to come up with a list of the most frequently used passwords and it has found that many users are relying on passwords that are incredibly common and therefore easy to crack.
Twenty per cent of all users analysed in the study had picked an account password which was amongst the fifty thousand most frequently occurring combinations online.
Hundreds of thousands of customers used simple ascending numerical passwords, including ‘123456’ and variants on the theme. Meanwhile an alarming number chose simply to use ‘password’ as their password with ‘iloveyou’ and ‘princess’ also ranking high in the most common password list.
A spokesperson for Imperva commented that with the number of people choosing obvious and common passwords, those with malicious intent would not require a particularly high degree of finesse in order to gain access to the personal details of thousands of web users. Imperva estimates that it would take less than 20 minutes for around a thousand accounts to be accessed using a brute force technique based on the fifty thousand most common passwords as leaked by RockYou.
Imperva believes that websites are making their users vulnerable by allowing them to choose simplistic passwords and that if this continues, the hackers will be able to gain access to information ever more rapidly as they continue to develop their own software that preys on poor password choices.
Gartner also believes that, in the face of this evidence, it should be down to administrators to remind users across all systems of the need to create rather more cryptic and personalised passwords.
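The point about websites allowing simplistic passwords can be addressed at account creation. The following is an added example, not code from the article or from Imperva: a check that rejects passwords found on a common-password list or made up of sequential or repeated digits. The function names, the minimum length and the four-entry sample list (built only from the passwords the article names) are assumptions.

```python
import unicodedata

# Constructed sample blocklist: only the passwords named in the article.
# Assumption: a real deployment loads a much larger list of common
# passwords from a file into this set.
SAMPLE_BLOCKLIST = frozenset({"123456", "password", "iloveyou", "princess"})

MIN_LENGTH = 8  # assumed policy value, not taken from the article


def normalise(password: str) -> str:
    """Fold case and Unicode compatibility forms so trivial variants match."""
    return unicodedata.normalize("NFKC", password).casefold().strip()


def is_numeric_run(password: str) -> bool:
    """True for all-digit passwords that count up or down by one
    (wrapping 9 -> 0, e.g. 1234567890) or repeat a single digit."""
    if len(password) < 2 or not (password.isascii() and password.isdigit()):
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(password, password[1:])}
    return steps in ({1}, {9}, {0})


def weak_password_reasons(password: str, blocklist=SAMPLE_BLOCKLIST) -> list:
    """Return the reasons a candidate should be rejected (empty if accepted)."""
    reasons = []
    folded = normalise(password)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if folded in blocklist:
        reasons.append("on common-password list")
    if is_numeric_run(folded):
        reasons.append("sequential or repeated digits")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "Password", "1234567890", "correct horse battery"):
        print(candidate, "->", weak_password_reasons(candidate) or "accepted")
```

Returning every reason rather than a single pass/fail lets the sign-up form tell the user exactly why a choice was refused.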