Connect with us

Hi, what are you looking for?

Tech & Science

Just how weak is your password? Real-life passwords revealed

Weak password does not always mean length and the characters used, it also means the guessability.

China to target biggest payment app Alipay in tech crackdown: FT
Alipay's app (QR code L) currently allows users to pay with a traditional credit card linked to their bank or offers small unsecured loans to buy anything from toilet paper to laptops - Copyright AFP/File GREG BAKER
Alipay's app (QR code L) currently allows users to pay with a traditional credit card linked to their bank or offers small unsecured loans to buy anything from toilet paper to laptops - Copyright AFP/File GREG BAKER

The network security provider Fortinet announced yet another breach disclosing VPN login credentials for approximately 87,000 of its devices. What is of greater interest is rather than just another data leak, the data contained some interesting ‘gems’ about the robustness of user passwords.

The information about passwords comes from researchers from Specops Software, who have analyzed data from the breach, identifying the top 10 passwords exposed from the leak. What is interesting about the list is the lack of robust security round the passwords. In other words, they are easy to hack.

The top ten passwords are:

  • Temporal2020 835
  • 123456 793
  • asdf123 393
  • Juzgado2020 371
  • pass@123 361
  • Password1 338
  • macaw777 323
  • P@ssw0rd 290
  • U-SG-SSL-General_User 277
  • 12345678 217

These are examples of weak passwords. These are short, common, a system default, or something that could be rapidly guessed by executing a brute force attack using a subset of all possible passwords.

Weak password does not always mean length and the characters used, it also means the guessability. As n example, ‘Name@12345’, it looks quite complex password but can be guessable.

Weaknesses often arise because many organizations that do impose complex password requirements, the requirements are not always robust or complex enough to reduce the success of attackers.

Messaging Digital Journal with the information, Darren James, Product Specialist and Head of Internal IT, Specops Software, discusses the nature of the leak and the weaknesses around the passwords.

With the leak itself, James explains: “This leak is unfortunate but not completely surprising. We know that ransomware attacks are continuing to rise and that the VPN password is a popular path to deploy ransomware. We saw it with the Colonial Pipeline attack, and now we see it here with this VPN leak.”

Moving onto the subject of the fragility of the passwords, James says: “VPN passwords are still vulnerable and we see from this data that people are still not choosing strong passwords. Even with ransomware, organizations need to remember the security basics – enforce strong passwords checked against a breached list.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

Mayor Bill de Blasio (D) announced on Monday that New York City is implementing a vaccine mandate for private-sector employers.

Entertainment

This week’s releases include revisiting a horror legend; a slasher version of a classic tale; a body switch movie from the vault and more.

Life

A Hawaii Army National Guard Search and Rescue Team member assesses the damage done to the road by the heavy rains and flooding on...

World

Mass tourism had brought the archipelago, immortalised in Leonardo DiCaprio movie "The Beach", to the brink of catastrophe.