Share

Top 5 Stories

News

90% of passwords can be cracked in seconds

15 January 2013

More than 90% of user-generated passwords can be made vulnerable to hacking in a matter of seconds, according to new research from Deloitte.

The consulting firm's Canadian Technology, Media & Telecommunications (TMT) Predictions 2013 report covers a range of technology predictions, including the outlook for subscription TV services and 4K televisions, but the vulnerabilities in today’s password practices top the list of things to consider in 2013.

The problem, researchers said, is that everything that we thought to be true must be reconsidered given advances in technology.

"Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols were once believed to be robust,” said Duncan Stewart, a director of research for the report. “But these can be easily cracked with the emergence of advance hardware and software.”

For instance, a machine running readily available virtualization software and high-powered graphics processing units can crack any eight-character password in about five hours, he noted.

But as ever, human behavior gets in the way when it comes to being safe. Specifically, the inability to remember multiple unique 24-character password strings. The limitations of most humans’ ability to remember complex credentials means that there is a tendency for password re-use, which also puts password security at risk. If a hacker cracks even an innocuous account, like a grocery store loyalty card, the credentials are likely to have been used elsewhere, like for online banking. Once a hacker has a password, he or she can potentially have the keys to the cyberkingdom based on most consumers’ behavior.

“Moving to longer passwords or to truly random passwords is unlikely to work, since people just won't use them,” Stewart said.

However, all hope is not lost: Multifactor authentication using tokens, cellphones, credit cards and more are likely solutions. That means that having additional passwords sent through SMS to a phone, a requirement for fingerprints and other biometrics, or even 'tap and go' credit cards may be the norm in the future, he concluded.

This article is featured in:
Identity and Access Management  •  Industry News  •  Internet and Network Security  •  Security Training and Education

 

Comments

MJELS says:

22 January 2013
Cant believe that in 2013 anyone would seriously suggest use of SMS as a means of multifactor authentication. This creates a false sense of security and opportunity for even greater losses from fraud. Fraudsters can and do arrange for porting of the target customer mobile number to a new mobile service provider - They then receive the SMS message, completely undermining the assumed mulitfactor authentication.

mulangi says:

21 January 2013
There;s something I don't understand.
How will the cracking device know that it has cracked the password without testing it? Will the device not need to attempt to login many times before being successfull. Because most systems will only allow a very limited number of attempts before lockout, how can the password be cracked?
Thanks,
Mulangi

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×