Advertisement
Promo

Security threats Toolkit

Hackers steal easily guessed passwords

Andy McCue silicon.com

Published: 23 Oct 2003 13:05 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Hackers are increasingly resorting to social engineering techniques to obtain confidential passwords, as businesses become better at locking down and patching their computer networks.

And the bad news is that users are still very much the weak link when it comes to choosing and protecting their passwords, according to the results of a survey of IT security experts.

It found that 15 percent of those asked in an online questionnaire to give their network passwords in order to be entered into a prize draw happily clicked through to the page ready to divulge the information.

Paul Vlissidis, head of risk services at technology consultancy NCC Group, which carried out the survey, told silicon.com that the problem of staff -- and especially those in IT who should know better -- being lazy with passwords is leaving companies at risk.

"It is laziness and ignorance causing network security problems. Passwords are of greater importance now that remote access has increased from laptops and PCs with broadband at home," he said.

He said that social-engineering techniques used by hackers to glean passwords that will give them access to corporate networks are on the increase, as IT departments get better at protecting their systems.

"It is increasing as people wake up to other kinds of network vulnerabilities, such as patching systems, and as they narrow down areas of attack, hackers are going to run out of places to exploit and so will go for passwords."

Common bad practice includes shared passwords for departments and obvious popular passwords such as football clubs -- and Vlissidis said those in the boardroom are often the main culprits.

The advice for users is to avoid using for passwords dictionary words that can be cracked by programs, and to use a mixture of numbers and letters. One method is to choose a favourite song or poem and take the first letter from each line of the first verse along with a couple of numbers. When it comes round to change the password, just move on to the next verse.

"As long as you know what that song is, you will never forget the password," said Vlissidis.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
115 out of 226 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

4 comments

  1. I would "happily" click through to the page too, b... no name
  2. It is very obvious that IT Security Professionals... Jimmie Grimes
  3. i want to be a hacker ,may you can help me i am an... Anonymous
  4. hi amir

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:



Related Jobs

Project Manager, Hampshire 45 - 50k Engineering / Electronics

Modelling & Simulation Engineer - Middlesex - Urgent

Retail SAS Decision Science - Manager - Nationwide - 55000

Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters