96% of passwords fail basic security test

Adam Zuchetti
25 January 2018

Chances are your passwords, and those of your employees, are not strong enough to minimise the risk of cyber intrusions, even though known frameworks significantly reduce the threat of a breach.

Recently, Okta, an independent provider of identity for the enterprise, unveiled its fourth annual Businesses @ Work Report, which included the stunning finding that just 4.4 per cent of business passwords fit the default policy of more than eight characters and a mix of digits and both upper and lower case letters.

According to the report, half (50.5 per cent) of passwords are too short, and 45 per cent are too weak by not having a combination of various characters and digits.


This is despite evidence that strong password policies can protect businesses from “brute force and password spraying attacks”.

“Passwords aren’t a silver bullet to protect your apps and data. They’re just one piece of what should be a much more sophisticated puzzle,” the report noted.

 

“However, the good news is that companies of any size can mitigate many password based attacks by enforcing longer credential length and MFA (multi-factor authentication).”

Okta said the standard company policy for creating passwords involves these five steps:

  1. A minimum length of eight characters
  2. At least one lowercase letter, one uppercase letter and a number
  3. A maximum of 10 password attempts before locking a user out of his/her account
  4. Recovery tokens expiration period is set at one hour
  5. Prohibit any password that includes the username

When followed correctly, this strategy significantly enhances the effectiveness of passwords. Indeed, in an analysis of passwords that were breached, just over half (50.5 per cent) used fewer than eight characters, while even more failed to incorporate a mixture of characters.

However, former hacker turned global cyber security consultant Kevin Mitnick previously told My Business that an even better approach is to move away from “passwords” and look to the creation of “passphrases”.

“A phrase like from Pink Floyd – ‘We don't need no education’, from the album The Wall … a passphrase of over 25 to 30 characters; it doesn't have to be with numbers and upper case and special symbols at all, it just could be a sentence,” he said.
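The five-point policy listed above, written as checks in Python. This is an added example, not code from Okta or its report; the function names and sample passwords are constructed, and treating the tenth failed attempt as the one that locks the account and a recovery token as expired at exactly one hour are assumptions. It also shows that the passphrase Mitnick quotes fails the composition rule, while a short dictionary-word password passes.

```python
MIN_LENGTH = 8             # rule 1: minimum length of eight characters
MAX_ATTEMPTS = 10          # rule 3: attempts allowed before lockout
TOKEN_TTL_SECONDS = 3600   # rule 4: recovery tokens expire after one hour


def policy_violations(password: str, username: str) -> list:
    """Return the parts of rules 1, 2 and 5 that a candidate password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Case-insensitive match so "Jsmith2018" is caught for user "jsmith".
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    return problems


def is_locked(failed_attempts: int) -> bool:
    """Rule 3 (assumed reading): lock once 10 attempts have failed."""
    return failed_attempts >= MAX_ATTEMPTS


def recovery_token_valid(issued_at: float, now: float) -> bool:
    """Rule 4: accept a recovery token only within one hour of issue."""
    return 0 <= now - issued_at < TOKEN_TTL_SECONDS


if __name__ == "__main__":
    # Constructed sample credentials for a hypothetical user "jsmith".
    samples = [
        "Password1",                   # compliant, yet a dictionary word
        "We don't need no education",  # the passphrase quoted above
        "Jsmith2018",                  # embeds the username
        "abc123",                      # too short, no uppercase letter
    ]
    for candidate in samples:
        result = policy_violations(candidate, "jsmith")
        print(f"{candidate!r}: {'OK' if not result else ', '.join(result)}")
```

A policy that wants to accept long passphrases would need to waive the composition rule above some length threshold, which the five-point list does not do.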

Adam Zuchetti

Adam Zuchetti is the editor of My Business, and has steered the publication’s editorial direction since early 2016. 

The two-time Publish Awards finalist has an extensive journalistic career across business, property and finance, including a four-year stint in the UK. Email Adam at [email protected]
