Copyright © 2020 MOMENTUMMEDIA

96% of passwords fail basic security test

Adam Zuchetti
25 January 2018

Chances are your passwords, and those of your employees, are not strong enough to minimise the risk of cyber intrusions, even though following established password frameworks significantly reduces the likelihood of a breach.

Recently, independent enterprise identity provider Okta unveiled its fourth annual Businesses @ Work Report, which included the stunning finding that just 4.4 per cent of business passwords fit the default policy of at least eight characters including a mix of digits and both upper and lower case letters.

According to the report, half (50.5 per cent) of passwords are too short, and 45 per cent are too weak by not having a combination of various characters and digits.

This is despite evidence that strong password policies can protect businesses from “brute force and password spraying attacks”.

“Passwords aren’t a silver bullet to protect your apps and data. They’re just one piece of what should be a much more sophisticated puzzle,” the report noted.

“However, the good news is that companies of any size can mitigate many password based attacks by enforcing longer credential length and MFA (multi-factor authentication).”

Okta said a standard company password policy involves these five rules:

  1. A minimum length of eight characters
  2. At least one lowercase letter, one uppercase letter and a number
  3. A maximum of 10 password attempts before locking a user out of their account
  4. Recovery tokens that expire after one hour
  5. Prohibiting any password that includes the username

When followed correctly, this strategy significantly enhances the effectiveness of passwords. Indeed, in an analysis of passwords that were breached, just over half (50.5 per cent) used fewer than eight characters, while even more failed to incorporate a mixture of character types.

However, former hacker turned global cyber security consultant Kevin Mitnick previously told My Business that an even better approach is to move away from “passwords” and look to the creation of “passphrases”.

“A phrase like from Pink Floyd – ‘We don't need no education’, from the album The Wall … a passphrase of over 25 to 30 characters; it doesn't have to be with numbers and upper case and special symbols at all, it just could be a sentence,” he said.
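The following is an added example, not code from Okta or from the article. It implements the five default rules listed above (length, character mix, lockout after 10 attempts, one-hour recovery tokens, no username in the password) and adds a crude search-space estimate to illustrate Mitnick's point that a long passphrase outgrows a short "complex" password. The thresholds are the article's; the scrypt hashing, the `Account` structure, the function names and the sample credentials are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets
import string
from dataclasses import dataclass, field

# Thresholds taken from the five rules quoted in the article.
MIN_LENGTH = 8
MAX_ATTEMPTS = 10
TOKEN_TTL_SECONDS = 60 * 60


def check_password(password: str, username: str) -> list:
    """Rules 1, 2 and 5: return the list of violations; an empty list means compliant."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if username and username.lower() in password.lower():
        problems.append("contains username")
    return problems


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: stdlib scrypt stands in for whatever slow KDF a real directory uses.
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)


@dataclass
class Account:  # hypothetical record; a real IdP stores far more than this
    username: str
    salt: bytes
    pw_hash: bytes
    failed_attempts: int = 0
    locked: bool = False
    recovery_tokens: dict = field(default_factory=dict)  # token -> issue time (seconds)


def create_account(username: str, password: str) -> Account:
    """Refuse to enrol a password that breaks the policy."""
    violations = check_password(password, username)
    if violations:
        raise ValueError("policy violations: " + ", ".join(violations))
    salt = secrets.token_bytes(16)
    return Account(username, salt, hash_password(password, salt))


def attempt_login(account: Account, password: str) -> str:
    """Rule 3: lock the account after MAX_ATTEMPTS consecutive failures."""
    if account.locked:
        return "locked"
    if hmac.compare_digest(account.pw_hash, hash_password(password, account.salt)):
        account.failed_attempts = 0
        return "ok"
    account.failed_attempts += 1
    if account.failed_attempts >= MAX_ATTEMPTS:
        account.locked = True
        return "locked"
    return "denied"


def issue_recovery_token(account: Account, now: float) -> str:
    token = secrets.token_urlsafe(32)
    account.recovery_tokens[token] = now
    return token


def redeem_recovery_token(account: Account, token: str, now: float) -> bool:
    """Rule 4: a token is valid for one hour and for a single use; redeeming it unlocks the account."""
    issued = account.recovery_tokens.pop(token, None)
    if issued is None or now - issued > TOKEN_TTL_SECONDS:
        return False
    account.failed_attempts = 0
    account.locked = False
    return True


def keyspace_bits(password: str) -> float:
    """Brute-force search space implied by length and the character classes present.
    This is an upper bound, not entropy: a dictionary attacker does far better against
    real sentences. It shows why length dominates symbol variety."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c.isspace() or c in string.punctuation for c in password):
        alphabet += len(string.punctuation) + 1
    return len(password) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    acct = create_account("adam", "Passw0rd")  # constructed sample; meets the default policy
    print(check_password("We don't need no education", "adam"))  # Mitnick's phrase fails rule 2: no digit
    print(round(keyspace_bits("Passw0rd"), 1), round(keyspace_bits("We don't need no education"), 1))
    for _ in range(MAX_ATTEMPTS):
        attempt_login(acct, "wrong")
    print(attempt_login(acct, "Passw0rd"))  # even the right password is refused once locked
```

Note the tension the example makes visible: Mitnick's passphrase has a far larger search space than an eight-character "Passw0rd", yet it fails the default policy's digit rule, so a policy that insists on character classes rather than length can reject the stronger credential.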
