Warning: Creating default object from empty value in /nfs/c09/h03/mnt/132495/domains/blog.nfrontsecurity.com/html/wp-content/themes/headlines/functions/admin-hooks.php on line 160

The 90’s want their passwords back!

Is your password policy stuck in the 90’s? The first release of Windows NT was in July of 1993. This being said, like we’ve had to adopt to the steep fluctuations in gas prices … you too can adopt a new password policy that is 21st Century approved!

Gas Prices

Back in the 1990s, there were very few data breaches happening to companies. A “weak” password today might have been perfectly acceptable for you in the 1990s. If we look at the chart below, the history of data breaches were hardly even being recorded before the early 2000s. There were so few that it wasn’t even necessary to track. Following the trend of the graph, we can determine that there were less than 25-50 data breaches happening per year in the United states around the 1990s.

trend 1990s

The notorious hackers of the 1990s were Kevin Mitnick who was convicted of 14 counts of wire fraud and 8 counts of possession of unauthorized access devices, Mark Abene who hacked AT&T, and Kevin Lee Poulsen who stole numerous military documents. In my opinion, those are the three most notable hackers of an entire decade. Yet in 2016, we are seeing data breach after data breach – they are happening almost weekly! Instead of having only three notable hackers, now the FBI has created a Cyber’s Most Wanted list that contains about 20 wanted cyber criminals:

most wanted

Last year in 2015, there were nearly 800 data breaches. Data breaches have increased over 16 times since the 1990s. Many IT professionals are saying that it is a matter of WHEN not IF you are going to be hacked if you are allowing users to have weak passwords. As I touched on earlier, using “Baseball” or “Password1234” could have been a perfectly secure password back in the 1990s, but now with advanced rainbow tables being used and reports being released that those are some of the top passwords being selected… they are no longer safe choices!

When a hacker decided he or she is going to hack a network, they don’t just sit down and start typing in passwords. They use advanced rainbow tables for dictionary attacks and brute force attacks. Rainbow tables can try thousands of combinations in less than one minute. Shorter passwords can takes just seconds as they are easier and less complex to hack. These concerns were not present two to three decades ago. Yet today, they are very important issues that need to be taken care of by IT professionals who are in charge of their company’s password policy.

Microsoft has created a Password Complexity feature that allows the administrator to enforce passwords greater than 6 characters long, use 3 out of 4 character sets, and do not allow a user’s username or screen name to be included in a password. Passwords such as “Password1,” “Summer2016,” and “Letmein!” are allowed using Microsoft’s Password Complexity feature. These are very easy passwords to hack.

complexity

Recently, Microsoft started banning passwords that appear on the most common passwords list from the LinkedIn breach. However, even with Microsoft’s attempt to ban a specific list of passwords and the option to use the password complexity feature, this is still not enough for creating a 21st century approved password policy. A few easy passwords have slipped through Microsoft’s ban list like “Pa$$w0rd1.” Additional features need to be in place, such as banning your company’s name and important terms in your industry. Instead of settling with password policy features that will lead you to be the next headline news story for a data breach, use a proactive approach and secure your network today [Click here to see how].

Twitter Digg Delicious Stumbleupon Technorati Facebook Email

Comments are closed.