Why Mark Zuckerberg’s Password Choice Should Concern You

Earlier this month, Mark Zuckerberg’s accounts on Twitter, Pinterest, and LinkedIn were hacked. A hacker group known as OurMine posted from Zuckerberg’s Twitter account: “Hey @finkd (Mark Zuckerberg’s Twitter handle) we got access to your Twitter & Instagram & Pinterest, we are just testing your security, please dm (direct message) us.” OurMine later posted, “You were in Linkedin Database with the password ‘dadada’!”


Clearly, Zuckerberg made a poor password choice. Not only was his password poor, but he reused the same password on three social media websites. Furthermore, these are only the three accounts known to have been exposed. Zuckerberg probably used “dadada” on multiple other accounts as well. If you think about it, what doesn’t have a username and password these days? He could have used “dadada” on his mobile banking app, personal/work email, car insurance company website, health insurance company website, and so many more accounts!

According to SpeedyPassword.com, “dadada” would take less than one second for a hacker to crack:


Now to the important part – “Why Mark Zuckerberg’s Password Choice Should Concern You.” Keeping in mind that everyone has dozens of accounts to manage (work, personal, etc.), people tend to pick convenience over security. This is not a smart choice, considering that 71% of people admit to having been the victim of a hack.

According to the list of most commonly used LinkedIn passwords, Zuckerberg’s choice was very consistent with the common password choices. No, “dadada” was not on the list, but easily hacked passwords like “123456,” “password,” “qwerty,” “sunshine,” “summer,” and “linkedin” were.

Looking at this from a work perspective, we can clearly see that not even the CEO of Facebook (Mark Zuckerberg) is safe from being hacked. If anything, the CEO might even have a larger target on their account from a hacker’s point of view. Their account will have access to privileged information. All a hacker wants is information. Everyone can be hacked – no one is safe! Zuckerberg’s choice to use “dadada” as a password mirrors the current password choices of the employees on your network. This should concern you.


So, what can you do to prevent your employees from making the same password mistakes that Mark Zuckerberg did? Here are 5 helpful tips:

1. Ban Dictionary Words: Create a tailored list of words for your company that you do not want your employees to use as passwords. At nFront, we recommend banning words that are specific to your industry, your company name, local sports teams, and commonly used passwords (such as password, summer, football, etc.).

2. Require Spaces In Passwords: Requiring spaces in passwords helps users to create a passphrase as opposed to a password. Passphrases are longer than passwords, which prevents hackers from cracking them as easily. When a user creates a passphrase, it can actually be easier to remember than a password. “I went to the grocery store today!” is tremendously easier to remember than “dinosaur#TIGER5.” Also, passwords that are greater than 14 characters have an extra layer of security when being hashed [read why here].

According to the same website, SpeedyPassword.com, “I went to the grocery store today!” reports taking 3.016692807441081e+41 years to crack:


3. Require Passwords To Be Greater Than 14 Characters: As the previous tip mentioned, passwords that are greater than 14 characters are stored more securely. If a password is 14 characters or less, it is stored using the LM hash. LM hash passwords are much more susceptible to brute force attacks due to the weak hashing method. Passwords that are greater than 14 characters must be hashed using the NT hash. With the NT hash, the password is stored using the Message Digest Algorithm (MD4) in the SAM database. This is a much more secure method [read more here].

4. Educate Employees On Password Security: This seems very simple, yet it is a very complicated task. Research shows that even with password education, employees still lack the knowledge to make smarter password choices. You should educate employees on what makes a smart password and what does not. It is also important to have software in place that forces users to make smart password choices.

5. Implement A Password Filter Software: Using a password filter can remove the burden of manually policing employees on smart password choices. You won’t have to continually run password crackers and rainbow tables monthly to see if employees are using “Password1” or “Summer2016” as a password – which is allowed using Microsoft Password Complexity. These passwords won’t be allowed if you use the nFront Password Filter.
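The five tips above amount to a policy a password filter can enforce mechanically. The following is an added example written for this article, not nFront’s own code or the nFront Password Filter: it approximates the classic Windows “Password must meet complexity requirements” rule, applies a stricter filter built from tips 1 through 3 (banned dictionary words, a required space, more than 14 characters), and shows how the LM hash prepares a password of 14 characters or less (uppercase, NUL-pad to 14 bytes, split into two independent 7-byte halves) so that the reason for tip 3 is visible. The banned-word list (including the hypothetical company name “Acme”, industry term “widgets” and local team “Tigers”) is constructed for the example.

```python
import re

# Constructed banned-word list in the spirit of tip 1: common passwords plus
# hypothetical company / industry / local-team words (Acme, widgets, Tigers).
BANNED_WORDS = frozenset({
    "password", "summer", "football", "linkedin", "qwerty", "sunshine",
    "acme", "widgets", "tigers",
})

MIN_LENGTH = 15  # "greater than 14 characters" (tip 3)

# Common leet-speak substitutions are undone before the dictionary check, so
# that "P@ssw0rd" and "Summer2016" still reveal their banned root word.
_LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s", "!": "i"})


def microsoft_complexity(password: str, username: str = "") -> bool:
    """Approximation of the classic Windows 'Password must meet complexity
    requirements' setting: at least 6 characters, must not contain the account
    name, and characters from at least 3 of the 4 classes below."""
    if len(password) < 6:
        return False
    if len(username) >= 3 and username.lower() in password.lower():
        return False
    classes = (
        re.search(r"[A-Z]", password) is not None,
        re.search(r"[a-z]", password) is not None,
        re.search(r"[0-9]", password) is not None,
        re.search(r"[^A-Za-z0-9]", password) is not None,
    )
    return sum(classes) >= 3


def lm_halves(password: str):
    """Show how the LM hash prepares a password before hashing: uppercase it,
    pad with NUL bytes to 14 bytes, and split it into two independent 7-byte
    halves (each half is then used as a DES key, not shown here). Because the
    halves are attacked separately, LM is far weaker than its length suggests.
    Returns None for passwords longer than 14 characters: Windows stores no LM
    hash for those, only the NT (MD4) hash."""
    if len(password) > 14:
        return None
    padded = password.upper().encode("ascii", "replace").ljust(14, b"\x00")
    return padded[:7], padded[7:]


def check_password(password: str, username: str = "") -> list:
    """Apply the policy from the tips. Returns a list of violation codes;
    an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")          # tip 3: stay out of LM-hash range
    if " " not in password:
        problems.append("no_space")           # tip 2: force a passphrase
    if len(username) >= 3 and username.lower() in password.lower():
        problems.append("contains_username")
    normalized = password.lower().translate(_LEET)
    for word in sorted(BANNED_WORDS):        # tip 1: banned dictionary words
        if word in normalized:
            problems.append("banned:" + word)
    return problems


if __name__ == "__main__":
    for candidate in ("dadada", "Password1", "Summer2016", "dinosaur#TIGER5",
                      "I went to the grocery store today!"):
        print(f"{candidate!r:40} MS complexity={microsoft_complexity(candidate)!s:5} "
              f"filter={check_password(candidate) or 'OK'}")
```

Running it shows the point of tip 5: “Password1” and “Summer2016” satisfy the Microsoft complexity rule but fail the filter on length, missing space and banned word, while “I went to the grocery store today!” passes. `lm_halves("dadada")` also shows that a short password leaves the second LM half entirely empty, so an attacker only has to recover the first seven uppercase characters.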
