MyBroadband recently published an article which listed the most commonly used passwords and PINs, highlighting the need for a strong password policy.
Current password policies typically require people to use mixed-case letters, special characters, and so on, and to avoid keyboard series (such as QWERTY), number series (such as 123456) and people’s names (such as James or Jessica).
New research from online security firm Imperva shows that even a good password policy can still be circumvented with keyboard patterns.
Imperva’s analysis of military passwords, which were governed by a strong password policy requiring a mix of numbers, letters and characters, showed clear patterns.
The top passwords were:
Seem secure? Think again. Take the first password and type it on your keyboard. A clear pattern emerges very quickly.
“We aren’t the only ones who are taking note. Here’s a screenshot from a hacker forum where someone not as sweet as we are doing a similar analysis,” Imperva said in a blog post.
“Enforcing strong passwords means anticipating all kinds of keyboard sequences,” said Imperva.
“We recommend the passphrase. Passphrases are generally stronger, and a clearly better choice in these cases.”
“First, they usually are (and always should be) much longer—20 to 30 characters or more is typical—making some kinds of brute force attacks entirely impractical. More importantly, they are easier to remember and harder to crack,” Imperva concluded.
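The keyboard-walk problem described above, and Imperva's point that a policy has to anticipate keyboard sequences, can be checked mechanically. The following is an added example, not Imperva's code or the tool used in its analysis: a small Python password-policy check that maps each character to its physical key on an assumed US QWERTY layout (so shifted symbols and capitals land on the same key as their unshifted form), finds runs of adjacent keys, finds consecutive character series such as 123456 or abcdef, and applies the article's 20-character passphrase guidance as an assumed minimum length. The sample passwords in the comments are constructed for illustration; the article's actual top passwords are not listed here.

```python
"""Password-policy check for keyboard walks and character series.

Added example (not Imperva's code). The key positions below describe a
US QWERTY keyboard (an assumption); the staggered physical layout is
approximated by treating keys in neighbouring rows whose column index
differs by at most one as adjacent.
"""
from typing import Dict, List, Tuple

# Unshifted and shifted characters of each row, left to right (assumed layout).
_ROWS = [
    ("`1234567890-=", "~!@#$%^&*()_+"),
    ("qwertyuiop[]\\", "QWERTYUIOP{}|"),
    ("asdfghjkl;'", 'ASDFGHJKL:"'),
    ("zxcvbnm,./", "ZXCVBNM<>?"),
]

# Map every printable key, shifted or not, to its physical (row, column),
# so that '!QAZ' and '1qaz' are recognised as the same walk.
_POS: Dict[str, Tuple[int, int]] = {}
for _r, (_plain, _shifted) in enumerate(_ROWS):
    for _c, (_p, _s) in enumerate(zip(_plain, _shifted)):
        _POS[_p] = (_r, _c)
        _POS[_s] = (_r, _c)


def _adjacent(a: str, b: str) -> bool:
    """True if a and b sit on the same key or on neighbouring keys."""
    if a not in _POS or b not in _POS:   # space and non-keyboard chars break a walk
        return False
    (r1, c1), (r2, c2) = _POS[a], _POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def keyboard_walk_runs(pw: str, min_len: int = 3) -> List[str]:
    """Substrings of pw (length >= min_len) in which every character sits on
    the same or an adjacent key to the previous one, e.g. '1qaz' or '#EDC'."""
    runs, start = [], 0
    for i in range(1, len(pw) + 1):
        if i == len(pw) or not _adjacent(pw[i - 1], pw[i]):
            if i - start >= min_len:
                runs.append(pw[start:i])
            start = i
    return runs


def longest_char_series(pw: str) -> int:
    """Length of the longest run of characters whose code points step by
    exactly +1 or -1 in one direction (123456, abcdef, zyxw)."""
    if not pw:
        return 0
    best = run = 1
    prev_step = 0
    for a, b in zip(pw, pw[1:]):
        step = ord(b) - ord(a)
        if step in (1, -1) and (run == 1 or step == prev_step):
            run += 1
        else:
            run = 2 if step in (1, -1) else 1   # a new series may start here
        prev_step = step
        best = max(best, run)
    return best


def check_password(pw: str, min_len: int = 20) -> Dict[str, object]:
    """Policy verdict. min_len=20 is an assumed threshold taken from the
    article's 20-to-30-character passphrase guidance; a password is rejected
    when at least half of it is made of keyboard walks, when it contains a
    character series of four or more, or when it is shorter than min_len."""
    runs = keyboard_walk_runs(pw)
    walked = sum(len(r) for r in runs)
    coverage = walked / len(pw) if pw else 0.0
    series = longest_char_series(pw)
    reasons: List[str] = []
    if len(pw) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    if coverage >= 0.5:
        reasons.append("keyboard walk: " + ", ".join(runs))
    if series >= 4:
        reasons.append("character series of length %d" % series)
    return {
        "ok": not reasons,
        "walk_runs": runs,
        "walk_coverage": round(coverage, 2),
        "series_len": series,
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed samples: the first two satisfy a mixed-case/digit/symbol
    # policy yet are pure keyboard walks; the last is a plain passphrase.
    for sample in ("1qaz2wsx", "!QAZ2wsx#EDC", "Abcdef1234567",
                   "the coffee machine hums at dawn"):
        print(repr(sample), check_password(sample))
```

The walk detector works on key positions rather than characters, which is the property a complexity rule misses: `!QAZ2wsx#EDC` has upper case, lower case, digits and symbols, but every one of its twelve characters is part of a straight walk down the keyboard, so the check rejects it while accepting a long, unpatterned passphrase.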