More than 90% of passwords vulnerable to cyber-attack


Nearly every user-generated password, including those considered strong by IT departments, will be vulnerable to hacking this year, a new report has warned.

The Deloitte Technology, Media and Telecommunications Predictions 2013 report says better security policies are needed, with more than 90 percent of user-generated passwords at risk of being compromised in 2013.

Inadequately protected passwords could cause billions of dollars in company and personal losses, declining confidence in internet transactions and significant damage to the reputations of the attacked businesses.

“Current rules regarding password expiration, minimum length, use of the full symbol set, and password resets are vulnerable and need to be strengthened,” the report says.

Passwords with at least eight characters and including mixed-case letters, at least one number and one non-alphanumeric symbol have long been considered relatively strong and safe enough to be used for high-value transactions such as banking, but Deloitte, an international consulting firm, says human behaviour and advances in technology have rendered the ‘strong’ password vulnerable.

Although such passwords allow 6.1 quadrillion possible combinations, users generally use only a fraction of these, creating a global pool of common passwords.

“For example, users often create passwords that reference words and names in our language and experience,” the report says.

“Users typically put the upper case symbol at the beginning of the password and place the numbers at the end of the password, repeating the numbers or putting them in ascending order.

“Although a keyboard has 32 different symbols, humans generally only use half-a-dozen of these in passwords because they have trouble distinguishing between many of them.

“These tricks and tendencies combine to make passwords less random, and therefore weaker.”
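To make the report's point concrete, the following added example (not taken from the Deloitte report or this article) compares the full eight-character keyspace with the pool left by the habits quoted above, and flags those habits in a candidate password as a policy check would. The letters/digits/symbol split, the function names and the sample passwords are assumptions made for illustration.

```python
import re

FULL_SET = 26 + 26 + 10 + 32   # lower, upper, digits, 32 keyboard symbols = 94
COMMON_SYMBOLS = 6             # "half-a-dozen" symbols, taken from the report's claim


def full_keyspace(length=8):
    """Every string of `length` characters drawn from the full 94-character set."""
    return FULL_SET ** length


def patterned_keyspace(letters=5, digits=2, symbols=1):
    """Strings shaped like: one capital, lowercase letters, digits, common symbol(s)."""
    return 26 ** letters * 10 ** digits * COMMON_SYMBOLS ** symbols


def predictable_traits(password):
    """List the habits described in the report that `password` exhibits."""
    traits = []
    if [i for i, c in enumerate(password) if c.isupper()] == [0]:
        traits.append("single capital at start")
    tail = re.search(r"(\d+)\W*$", password)
    if tail and len(tail.group(1)) == sum(c.isdigit() for c in password):
        traits.append("digits only at end")
        run = tail.group(1)
        if len(run) > 1 and len(set(run)) == 1:
            traits.append("repeated digits")
        elif len(run) > 1 and all(int(b) - int(a) == 1 for a, b in zip(run, run[1:])):
            traits.append("ascending digits")
    return traits


if __name__ == "__main__":
    print(f"full 8-char keyspace:  {full_keyspace():,}")
    print(f"patterned 8-char pool: {patterned_keyspace():,}")
    for sample in ("Summer12!", "Dragon777", "q7#Vz!2m"):   # constructed samples
        print(sample, predictable_traits(sample))
```

A password that meets the classic composition rules but follows this shape comes from a pool several hundred thousand times smaller than the headline figure, which is why a registration check should reject on structure as well as on character classes.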

But re-use of passwords is an even bigger concern. According to a 2012 survey, the average user has 26 password-protected accounts but only five different passwords.

Advances in technology also have made it easier and faster for hackers to obtain passwords, with a dedicated graphics processing unit able to crack any eight-character password in 5.5 hours.

Crowd-hackers also distribute the task over thousands of slower machines, with each focusing on a different part of the puzzle, to reveal the password even faster.

“As the value of the information protected by passwords continues to grow, attracting more hack attempts, high-value sites will likely require additional forms of authentication,” the report says.

Mobile passwords are less secure than those used on a PC because users generally do not use the full spectrum of characters available.

The average user takes 4-5 seconds to type a strong ten-character password on a PC keyboard, while it takes 7-10 seconds on a smartphone with a keyboard and 7-30 seconds on touchscreen devices, the report says.

A quarter of people surveyed in 2012 admitted to using less-secure passwords on mobile devices to save time.

“On a smartphone with a small physical keyboard, accessing all possible characters takes a bit longer; on a touchscreen-only device, a user may have to page through multiple screens just to find the “#” symbol.”
