Blog

Study On Passwords Shows People Still Use Breached Passwords

Aug 28, 2019 | Blog

Google recently released a large-scale password study that will probably give every IT manager in the country heartburn. The results of their study indicate that a disturbing percentage of users continue to use passwords after they’ve been warned that those passwords have been compromised.

 

One of the most common tactics hackers employ is called ‘password spraying.’  It’s a simple technique.  The hackers simply try several compromised passwords (even if they’ve been floating around the Dark Web for months) thinking that a surprising percentage will still work.  Google’s study confirms the hackers’ beliefs to be true.

Right now on the Dark Web, there are more than 4 billion passwords known to be compromised.  The scope and scale of the problem is staggering. Worse, the users who have compromised accounts are, as a rule, slow to do anything to mitigate the danger.  According to the results of the study, only 26.1 percent of users who saw an alert indicating a compromised password bothered to change it.  Barely one in four.

Even when users did bother to change their passwords, 60 percent of the time, the new password was found to be vulnerable to a simple guessing attack. Although in fairness, 94 percent of changed passwords wound up being stronger than the previous one.

To collect the information, Google relied on a newly offered Chrome extension called Password Checkup, which it claims is superior to Firefox’s Monitor and the “Have I Been Pwned” website.

The company contends that these other solutions could be exploited by hackers, summing it up as follows:

“At present, these services make a variety of tradeoffs spanning user privacy, accuracy, and the risks involved with sharing ostensibly private account details through unauthenticated public channels…For example, both Firefox and LastPass check the breach status of user names to encourage password resetting, but they lack context for whether the user’s password was actually exposed for a specific site, or whether it was previously reset.

Equally problematic, other schemes implicitly trust breach-alerting services to properly handle plaintext usernames and passwords provided as part of a lookup.  This makes breach alerting services a liability in the event they become compromised (or turn out to be adversarial).”

 

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech