The Chicago Tribune reported today that “researchers with Trustwave’s SpiderLabs® said they discovered more than 2 million stolen passwords to websites such as Facebook, Google, Twitter and Yahoo while investigating a server in the Netherlands that cybercriminals use to control a massive network of compromised computers.” The credentials were found on the Pony Botnet server, and according to the Chicago-based Trustwave® SpiderLabs® blog post, “Look What I Found: Moar Pony!”, “the attack is fairly global.”
Of the passwords analyzed by Trustwave, the password 123456 was the most popular, appearing in the database more than 15,000 times, according to BBC News Technology. The passwords 123456789 and 1234 followed, taking their position as number two and three. Other passwords making rank on the “Top 10 Passwords” list appearing in the Trustwave SpiderLabs blog post include:
- password
- 12345
- 12345678
- admin
- 123
- 1
- 1234567
- and, in 11th place, 111111.
So, why should this latest news on hacking and password security be a serious concern to the Enterprise IT Manager? Because most users employ the same passwords for work as they do for social media accounts, and most use very simple passwords that computers can crack in seconds. This is a frightening fact: the practice is very risky and should be prohibited.
Passwords should be different for social media, banking and enterprise/business purposes in order to mitigate and isolate damage, should a password be discovered. Ensuring passwords are complex, and following additional standards, is your best bet for preventing your password from being stolen. For more details on this topic, see one of our recent blog posts, Strengthen Your Cyber Security by Following These Latest Password Tips.
It’s important to note that the passwords included in the “Top 10 Passwords” list are the least complex and abide by none of the recommendations we posted in our previous blog.
What Can You Do as an Enterprise IT Manager to Improve Password Security?
- Have your users change all their passwords to be stronger and use different passwords for their other accounts. Change your organization’s password policy to enforce the stronger password requirements.
- Have a vulnerability assessment of your enterprise performed in which the hired organization tries to discover your end-users’ passwords. In doing so, you will expose weak and vulnerable passwords and can coach users to change them.
- Bring training into your organization on a regular basis to increase awareness, and provide recommendations to keep your end-users and organization safe from the ever-changing criminal world in cyberspace. Many cyber issues are a result of human actions, such as clicking bad links or visiting fraudulent websites that appear legitimate.
- 2015 update: current ideas for good passwords are random passphrases that are at least 12 characters long and mix special characters, numbers and letters. An example (but please don't use it) is the phrase "Blue sky green grass", which converts to: bLu3$kyGR3engr@5$.
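The policy the post recommends, as an added example (not code from the original post or from Trustwave): a Python check that rejects the leaked favourites listed above and enforces the 2015 guidance of at least 12 characters mixing letters, numbers and special characters, plus a small audit helper for reviewing the results of a password assessment. The blocklist is taken from the list in this post; the user names and passwords in the audit are constructed.

```python
import string

# Constructed from the "Top 10 Passwords" list quoted above, plus the 11th entry.
PONY_TOP_PASSWORDS = {
    "123456", "123456789", "1234", "password", "12345", "12345678",
    "admin", "123", "1", "1234567", "111111",
}

MIN_LENGTH = 12  # the 2015 recommendation above: at least 12 characters


def check_password(candidate):
    """Return the list of policy violations for `candidate`; an empty list means it passes.

    The policy is the one the post recommends: not one of the leaked favourites,
    at least 12 characters, and a mixture of letters, numbers and special characters.
    """
    problems = []
    # Compare case-insensitively so "Password" does not slip past the blocklist.
    if candidate.lower() in PONY_TOP_PASSWORDS:
        problems.append("appears on the Pony botnet top-passwords list")
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isalpha() for c in candidate):
        problems.append("contains no letters")
    if not any(c.isdigit() for c in candidate):
        problems.append("contains no digits")
    if not any(c in string.punctuation for c in candidate):
        problems.append("contains no special characters")
    return problems


def is_acceptable(candidate):
    """True when the candidate satisfies every rule in check_password."""
    return not check_password(candidate)


def audit(user_passwords):
    """Map each user name to its policy violations, omitting users who pass.

    Intended for the output of an assessment like the one recommended above,
    where recovered passwords are reviewed so the affected users can be coached.
    """
    report = {}
    for user, password in user_passwords.items():
        violations = check_password(password)
        if violations:
            report[user] = violations
    return report


if __name__ == "__main__":
    # Constructed sample: one user following the 2015 guidance, two who are not.
    sample = {"alice": "bLu3$kyGR3engr@5$", "bob": "Password", "carol": "123456"}
    for user, violations in audit(sample).items():
        print(user, "->", "; ".join(violations))
```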
Originally published on 12/11/2013
Topic: Firewalls & Network Security