Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Sophos warns against one-for-all passwords

Sophos : 11 March, 2009  (Technical Article)
With only 19% of users protecting their identities with unique passwords, Sophos warns users to adopt a different approach to preventing identity theft
IT security and control firm Sophos is urging all computer users to assess the strength of their passwords and ensure that they are choosing unique and multiple passwords for every different sensitive account in order to thwart hackers and protect their personal and corporate identities.

The warning follows numerous recent cyberattacks whereby fraudsters have bypassed password security in order to break into web mail and social networking sites. Despite high-profile security breaches such as Jack Straw's Hotmail account being compromised, and cybercriminals gaining access to celebrity Twitter accounts after cracking an administrator password, a third of computer users are still using the same password for every website they access according to a Sophos poll conducted earlier this month*.

Do you use the same password for multiple websites:

* Yes, all the time 33%
* I have a few different passwords 48%
* No, never 19%

According to experts at Sophos, many computer users continue to overlook the importance of choosing strong passwords. When asked the same question three years ago, 41 percent admitted to using the same password for all websites, with just 14 percent always using a different one.

'It's worrying that in three years very few computer users seem to have woken up to the risks of using weak passwords and the same ones for every site they visit,' said Graham Cluley, senior technology consultant at Sophos. 'With social networking and other internet accounts now even more popular, there's plenty on offer for hackers and by using the same password to access Facebook, Amazon and your online bank account, you're making it much easier for them. Once one password has been compromised, it's only a matter of time before the fraudsters will be able to gain access to your other accounts and steal information for financial gain.'

Sophos advises all computer users to ensure they don't use dictionary words as passwords as it is relatively easy for hackers to figure these out using electronic dictionaries that simply try out every word until they get the right one. Furthermore, it's important not to choose common passwords like 'admin' or '1234' as cybercriminals also check these first. In fact, the Conficker worm uses lists of 200 common passwords to try and gain access to other computers on the network, meaning that if one employee is infected, the whole corporate network could quickly be compromised if strong passwords are not enforced.

'It's easy to understand why computer users pick dictionary words as they're much easier to remember,' continued Cluley. 'A good trick is to pick a sentence and just use the first letter of every word to make up your password. To make it even stronger, you can replace words like 'for' for the number 4, and this should give you peace of mind that your password won't be guessed. While there's still the issue of having to remember multiple passwords, there are some good password management systems that will encrypt all your passwords and only allow you to access them with the master password - of course, it's essential that this password is as strong as possible.'
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo