So if you haven't heard, a recent hack of RockYou.com exposed over 32 million accounts, including the users' passwords. This is one of the largest lists of real-world passwords being used by people on the Internet. You can read more about this breach in an article in the NY Times.
Imperva's research on the password list shows that the strength of passwords selected by users is extremely poor. Only 0.2% of users had what would be considered a strong password of eight or more characters that contains a mixture of special characters, numbers and both lowercase and uppercase letters.
Worse yet, nearly 50% of accounts used names, slang words, dictionary words or trivial passwords, which makes it extremely easy to attack these systems and gain access. Further research is starting to show that many of these users are using the same weak passwords at several sites on the Internet.
So ask yourself this. How many of your peers are using similar weak passwords on your corporate network? We all want to believe we use strong password policies at work, but how many companies have relaxed policies for the sake of usability? Sadly, too many.
And people wonder why we are passionate about strong two-factor authentication at Scorpion Software. A dynamically generated one-time password (OTP) that changes every time it is used is vital in a business, especially if remote access to information assets is available for the company. Why? Because as this breach has shown, the weakest link in access security is the human factor. People and passwords don't mix. That's why we developed AuthAnvil for the SMB space.
So it's time to purge the password problem. Let's talk about what we can do to mitigate this risk in your own business. Give us a call anytime. We would love to discuss this with you.