Password Security in Immediate Danger, Deloitte Claims

Computer users will have a hard time keeping passwords private this year. At least, that’s the view of Big Four auditing firm Deloitte. The findings of Deloitte’s TMT Predictions 2013 report reveal rampant re-use of passwords, which puts computer users at risk when these passwords are leaked and bruteforced with modern technologies.

“If you take a site with over six million users and you take ten thousand password combinations […] you will be able to access 98.1 percent of the accounts on that site,” said Jolyon Barker, Global Managing Director at Deloitte in a video presentation of the TMT Predictions 2013. “If you are looking at cracking applications today, what it took one year to analyze and break down for hackers can now be done in a matter of hours.”

That sounds worrying enough for a user to consider choosing a better password, but there is more to cracking passwords than the report says. It may be true that bruteforcing hashed passwords now takes a fraction of the time it took a couple of years ago, but the way passwords are hashed has also undergone major improvements over the same period.

Unless they’re the Romanian Top Level Domain Registrar (which keeps passwords in plain text in Anno Domini 2013), web services with 6 million users have already learned the lesson from the Last.fm and LinkedIn incidents and are storing salted password hashes, which dramatically reduces the effectiveness of bruteforcing, regardless of how powerful the cracking hardware is. I – for one – would be more concerned about other personal data that leaks along with the password.
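An added illustration of the salting point above (not code from this article or from Deloitte's report): it stores the same constructed accounts once as a bare SHA-256 hash and once with a random per-user salt, then checks how far a single precomputed table reaches. PBKDF2 with 100,000 rounds, the sample users and the wordlist are assumptions of this example; the 6 million accounts and ten thousand candidates are the figures quoted above.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed PBKDF2 work factor for this example

# Constructed sample accounts; two users share a password.
USERS = {"alice": "sunshine1", "bob": "sunshine1", "carol": "T7#qv!mZ2pLw"}

def weak_record(password):
    """Unsalted fast hash: the same password always stores the same value."""
    return {"salt": None, "hash": hashlib.sha256(password.encode()).hexdigest()}

def salted_record(password):
    """Random per-user salt fed into PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return {"salt": salt.hex(), "hash": digest.hex()}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)
    return hmac.compare_digest(digest.hex(), record["hash"])

def exposed_by_one_table(store, wordlist):
    """Audit: accounts matched by a single table of sha256(candidate)."""
    table = {hashlib.sha256(w.encode()).hexdigest() for w in wordlist}
    return sorted(u for u, rec in store.items() if rec["hash"] in table)

def hashes_to_try_all(accounts, candidates, salted):
    """Hash computations needed to test every candidate on every account."""
    return accounts * candidates if salted else candidates

if __name__ == "__main__":
    weak = {u: weak_record(p) for u, p in USERS.items()}
    salted = {u: salted_record(p) for u, p in USERS.items()}
    common = ["123456", "password", "sunshine1"]  # constructed wordlist
    print("unsalted, exposed:", exposed_by_one_table(weak, common))
    print("salted, exposed:  ", exposed_by_one_table(salted, common))
    print("same stored value:", salted["alice"]["hash"] == salted["bob"]["hash"])
    print("work, unsalted:", hashes_to_try_all(6_000_000, 10_000, False))
    print("work, salted:  ", hashes_to_try_all(6_000_000, 10_000, True))
```

The salt does not make a weak password strong: a salted record for a common password still falls to a guess aimed at that one account, which is why the advice on unique, complex passwords still applies.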

Of course, it would be wise to heed the general idea of the report: don’t re-use your password on different accounts and make your password complex enough to withstand bruteforcing. The rest – take it with a grain of “salt”.

About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

Comments (5)

  • Frenk

    Great article. I can also advise using password management software. For me Sticky Password works just fine. There are also other alternatives. You create and store super strong passwords, unique for each of your accounts…

  • ViRii

    Before using programs that store passwords, take a few seconds and search on g. for some info stealers, e.g. the Pony botnet, and look in its “hall of fame” for the program you want to use to store your passwords :-D

  • Bogdan Botezatu

    @Virii: Totally relate to that. Anything that is based on keyrings can expose all your passwords if you compromise your master key. No thanks, I can still memorize my own passwords.


© 2012 Powered By Bitdefender
