Password Security: Are You at Risk?

Dennis Faas's picture

There's no doubt about it, security is a hard problem to solve.

The rich functionality and connectivity we enjoy in today's Internet culture does not come without a price. Admittedly, there are so many variables that affect the overall security posture of a computer, that it sometimes seems like an overwhelming task to stay ahead of the curve.

But with all the intricacies and technical dependencies that go along with securing our machines, it's still the basic steps that we need to be most concerned about doing.

The Most Exploited Weakness in Computer Security

The SANS Institute maintains a list of the top 20 security vulnerabilities being leveraged around the globe. Do you know what shows up on the list as one of the most exploited weaknesses, over and over again? Weak passwords.

That's right.

It's not buffer overflows, database weaknesses, or web server vulnerabilities, but simple, easy-to-guess passwords. It's weak passwords!

The fact remains that the majority of us as Internet users are not following good password practices. Oftentimes during a password audit I'll see the same types of passwords coming up again and again -- children's names, pet's names, phone numbers, etc. These aren't good passwords because they're associated with publicly known facts about us.

Another poor password practice is to reuse the same password on multiple systems. The problem is that if our password on one system is compromised, an attacker immediately has a probable password to try on another system.

A third poor, yet common, password practice is to keep using the same passwords indefinitely. Common sense says a password is less likely to be compromised if it is frequently changed or rotated.

With all the sophistication of today's applications, an attacker still has the greatest chance of compromising a computer by exploiting weak passwords. And until we get it right, there appears to be plenty of low hanging fruit to go around.

Minimizing Password Security Risks

Stay tuned for part two in this series, where we'll explore solid password practices you can easily implement to minimize your risk.

For more great tips like this one, be sure to download David's free security newsletter to your mailbox, today!

Rate this article: 
No votes yet