Weak passwords allow hackers in

2014-05-26 08:36
Weak passwords allow hackers to easily compromise computers and steal personal information. (Duncan Alfreds, News24)


Cape Town - Weak passwords are one of the primary reasons hackers are able to compromise passwords, says a security expert.

"People don't want to remember more than one password. It boils down to human nature - as long as you meet company policy, then you're okay," Andrew Kirkland, Trustwave regional director for Africa, told News24.

The 2014 Trustwave Global Security Report found that weak passwords contributed to 31% of intrusions the company investigated in 2013.

The most commonly used password was "123456", followed by "123456789", "1234" and "password".

"It is a very big problem, and I'll tell you why: People are lazy. So if your company policy says to you that you've got to use a minimum of eight characters… users themselves, because they work for the company, they don't really care," said Kirkland.

Poor security habits

As news emerges from the US accusing Chinese officials of conducting a wide-ranging hacking campaign, it has emerged that the alleged hackers used mundane deceptions to trick company officials into opening the "cyber door" to intruders.

According to the US Justice Department, employees opened a number of attachments which installed malware onto internal networks.

Kirkland said that new computer users were unfamiliar with the dangers associated with being on the internet.

"I think that the general user out there who's being introduced to a computer, who's being introduced to social networking - they don't really understand the issues that it comes with."

Kirkland said that poor security habits at work would evolve into similar private habits, especially as more people used websites and platforms which required password access.

"For me the most scary part of that is that '123456' becomes the password not only in your corporate environment, but it becomes our password in multiple sites. These people tend to want to only remember one password and use that password across their entire personal landscape, including their corporate environment."

US online giant eBay reported that up to 145 million users were potentially affected by a hacking breach that compromised user names, passwords and other personal data, though the company insisted that credit card numbers were not affected.

Spear Phishing

Trustwave said that computer users sometimes wrote passwords down or stored them in an unencrypted form.

"The first thing that stands out for me is education. Every company should take the responsibility to educate their employees about security - not only about meeting company policy - but about security in general so they have a habit: They apply the same principle when they go home," said Kirkland.

He added that companies tested their systems as the report found that 71% of breached firms do not detect the break-in themselves.

Spam is the primary method of delivering malware. (Duncan Alfreds, News24)

Trustwave also said that at least a quarter of internet users had identical usernames and passwords for multiple sites. Potentially, this makes it easy for cyber criminals, especially when they are targeting specific individuals in what is known as Spear Phishing.

Attackers using this method will tailor their deception so that the victim believes the communication to be genuine.

At least 59% of spam contained a malicious attachment and 41% contained links that were designed to compromise a computer.

Some of the most common subject lines include: "Some Important Information is missing"; "Bank Statement. Please read"; "Important - Payment Overdue", Trustwave said in its report.

"Until we as a worldwide community understand what this means, I think it's going to be very difficult to try and get rid of this problem," said Kirkland.
