Wednesday, January 18, 2017

Open doors

The repor of the week

Who has not heard speak our grandparents, ancestors or someone that we know once about that when they were younger they used to leave the door of the houses open at the villages even at nights, without any fear that a stranger would get inside their property? The doors were always open to welcome neighbors who walked in without asking and feeling like it was also their home. Today, in many of these small towns, the houses' door are no longer wide open, and even less in the cities, where sometimes we even don't know who lives next to our door.

This change of trust in people, whether they are known to us or not, has also been reflected in many other areas, such as cybersecurity. We are often writing down and giving our personal data to an internet website, but many times, we forget, something as simple as use a secure password. And being honest, we need to remember that we are not in those villages were many years ago we could leave the door of the house opened.
Passwords are the keys that give access to our personal data. Not only photos, or social media accounts but also and most important, information about bank accounts... and that is something that hackers are very interested of. It is worth to think and take a little time in finding us a password with formulas that are unique to us. Who has not ever thought that any day we can be victims of a computer hacker? It's better safe than sorry.

A recent Keeper security report posted at Security Week reveals that the most used passwords in 2016 are curiously the weakest passwords and that users are still blind. Experts keep advising them to make them realize about how important the use of a safer passwords is. The data from this study reveal how by the end of 2016, "123456" was still the most used password, specifically, 17% of the users have been "safeguarding" their accounts with this password.

A several of massive data intrusions released last year demonstrated the importance of using a strong password. These attacks included Dropbox (68 million accounts affected), LinkedIn (167 million), Myspace (360 million), Tumblr (65 million), (43 million) and VK (170 million) By Yahoo (500 million) in September (the company revealed in December that billions of accounts were affected in another incident).

If 2016 teached us anything is that the recipe for a horrible security of account consists in having a weak password and also have the same one in multiple websites. The attacks on Carbonite, GitHub, Netflix, Facebook, GoToMyPC, Reddit, TeamViewer and Twitter have already shown that cybercriminals are aware of this practice and are quick to take advantage of it.

While companies like Amazon and Microsoft reacted quickly to this problems activating password resets for users who had accounts with weak passwords. Users are still in risk because most of the companies do not take a stand and continue to allow users to have accounts with weak passwords.

In fact, according to a study published in 2015, most companies take more than six months to detect massive data breaches. It is known that this time is enough to steal data and spy on victim companies what makes the increase in the cost of cyber-attacks.

According to Keeper Security, the ten most used passwords in 2016 were:

1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111
6. 1234567890
7. 1234567
8. contraseña
9. 123123
10. 987654321

Keeper's security report, which scans more than 10 million passwords, also reveals that the 25 most popular passwords are used to protect more than 50 percent of accounts. Some of these passwords are popular because they are used to protect accounts created by bots, but this report reveals that they can all be accessed in seconds with the use of dictionary-based hacking tools.
Some users, according to the report, try to save their accounts by using patterns, such as "1q2w3e4r" and "123qwe", but the general use of these passwords makes them easily predictable as well. The report suggests using complex passwords and a password manager, allowing you to have a different password for each of your accounts.

"Without using a password manager almost everyone I know goes back to using the same passwords, having dozens if not hundreds of passwords that you need to try to remember. Obviously that will not work" "Says Rafal Los, Managing Director of R & D Solutions within the CISO Office for Optiv, in a column of SecurityWeek. It also notes that service providers should not focus just on policies that force users to use complex passwords that they can often re-establish, but rather on building a good "password education" to teach users to have a healthy behavior .

Therefore, what is clear is that we must learn that is on us to have a protocol of action when we chosse our passwords and follow the advice that expertsgave us. Don't reuse them in multiple services, try to be unique and take some time to think about them.

Let's consider the purpose of 2017 to eliminate the 'common' paswords, for the sake of cybersecurity and for ourselves. It is clear that using those kind of passwords would be something similar to leaving our home's door open.


Post a Comment