Military strength password? Think again!

MyBroadband recently published an article which listed the most commonly used passwords and PINs, highlighting the need for a strong password policy.

Current password policies typically require people to use a mix of capitals, special characters, and so on, and to avoid keyboard series (such as QWERTY), number series (such as 123456) and people’s names (such as James or Jessica).

New research from online security firm Imperva shows that a good password policy can still be circumvented with patterns.

Imperva’s analysis of military passwords, which were governed by a strong password policy requiring a mix of numbers, letters and characters, showed clear patterns.

The top passwords were:

  1. !QAZ2WSX
  2. 1QAZ!QAZ
  3. [email protected]
  4. ZAQ!2WSX
  5. [email protected]
  6. 1QAZZAQ!

Seem secure? Think again. Take the first password and type it on your keyboard. A clear pattern emerges very quickly.

Password keyboard pattern

“We aren’t the only ones who are taking note. Here’s a screenshot from a hacker forum where someone not as sweet as we are doing a similar analysis,” Imperva said in a blog post.

Military passwords

“Enforcing strong passwords means anticipating all kinds of keyboard sequences,” said Imperva.

“We recommend the passphrase. Passphrases are generally stronger, and a clearly better choice in these cases.”

“First, they usually are (and always should be) much longer—20 to 30 characters or more is typical—making some kinds of brute force attacks entirely impractical. More importantly, they are easier to remember and harder to crack,” Imperva concluded.
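A password policy can test for the keyboard sequences described above at the time a password is set. The following sketch is an added example, not code from Imperva or the article: it assumes a US QWERTY layout approximated as a grid, and the function names, the minimum run of 3 keys and the 0.75 rejection threshold are all illustrative choices.

```python
# Added example: approximate QWERTY grid, rows aligned so 1/q/a/z share column 0.
ROWS = [
    ("1234567890-=", "!@#$%^&*()_+"),
    ("qwertyuiop[]", "QWERTYUIOP{}"),
    ("asdfghjkl;'", 'ASDFGHJKL:"'),
    ("zxcvbnm,./", "ZXCVBNM<>?"),
]
# Map every character (shifted or not) to the (row, column) of its physical key.
KEY_POS = {
    ch: (r, c)
    for r, layers in enumerate(ROWS)
    for layer in layers
    for c, ch in enumerate(layer)
}

def adjacent(a, b):
    """True if a and b are the same key or neighbouring keys on the grid."""
    pa, pb = KEY_POS.get(a), KEY_POS.get(b)
    if pa is None or pb is None:  # unmapped character (e.g. space) breaks a walk
        return False
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1

def walk_runs(password):
    """Lengths of maximal runs of consecutive characters typed on adjacent keys."""
    if not password:
        return []
    runs, length = [], 1
    for prev, cur in zip(password, password[1:]):
        if adjacent(prev, cur):
            length += 1
        else:
            runs.append(length)
            length = 1
    runs.append(length)
    return runs

def walk_coverage(password, min_run=3):
    """Fraction of characters that sit inside a keyboard walk of >= min_run keys."""
    runs = walk_runs(password)
    return sum(n for n in runs if n >= min_run) / len(password) if password else 0.0

def is_keyboard_walk(password, threshold=0.75):
    """Policy check: reject when most of the password consists of keyboard walks."""
    return walk_coverage(password) >= threshold

if __name__ == "__main__":
    for pw in ["!QAZ2WSX", "1QAZ!QAZ", "ZAQ!2WSX", "1QAZZAQ!",
               "correct horse battery staple"]:  # last entry is a constructed sample
        print(f"{pw!r}: runs={walk_runs(pw)} rejected={is_keyboard_walk(pw)}")
```

The listed passwords decompose entirely into column walks and are rejected despite satisfying a mixed-character rule, while the constructed passphrase passes because almost none of its characters fall inside a walk.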
