27 août 2012
High profile hacks of corporations are becoming increasingly common, and with cloud data security under the media spotlight, it seems that hackers are targeting passwords.
According to The Atlantic, the reason for this is very simple: password hacking has improved while password selection by users has deteriorated. A recent blog post by Dan Goodin, writing for Ars Technica, revealed that data loss prevention can be simple to achieve, provided that passwords are strong enough.
"Security provided by the average password in 2012 has never been weaker," Goodin wrote. "The average Web user maintains 25 separate accounts but uses just 6.5 passwords to protect them."
Passwords are usually something familiar to the user, but studies have shown that some people maintain a six-digit numerical sequence beginning with 'one' as their password or even the word 'password', which is, in the opinion of Goodin, an open door for hackers. It takes approximately 10 minutes to crack a six-digit, lower-case password and he suggests using "dumb passwords for sites that don't matter."
Goodin also believes that as technology has evolved, so have the hackers. Cloud computing is the latest way to store information and transfer data, but sophisticated cybercriminals are using software that has been specifically designed to search for thousands of passwords every minute, with new algorithms being developed all the time.
"The ever-growing list of leaked passwords allows programmers to write rules that make cracking algorithms faster and more accurate, " Goodin writes. "Password attacks have become cut-and-paste exercises that even script kiddies can perform with ease."
Websites need to improve security protocols
Finally, there are the websites themselves. When users sign up to a service, they expect that the company will have security protocols in place to protect a registered user's information. However, as recent security breaches at LinkedIn, Dropbox and Blizzard have shown, companies have been forced to admit publicly that their protocols are not sufficient to ensure data protection.
When Mat Horan was hacked, the Wired writer discovered that Apple and Amazon were easily fooled into revealing financial details that allowed the hacker a free run at his email and social media accounts. Goodin feels that websites don't have enough "cryptographic salt" to prevent these sort of attacks, writing that this is "one of the many sins that popular websites routinely commit against password security."
So the answer is simple: your password is the key to your data. By locking the door securely, you can prevent unwanted visitors.
-McAfee Cloud Security