Security Corner

Nov 25 2009   2:13AM GMT

Golden Rule #4: Can a Criminal Hacker Guess Your Password?

Ken Harthun

Golden Rule #3 stressed the importance of changing the default user name and passwords of all configurable network devices. That’s good advice. But a weak password, one that is easily guessable, is almost as bad as no password. Far too many people use a password that’s obvious; i.e., given some basic information about the person, a determined hacker could easily guess it without too much effort.

Two clients I have serviced, both of which generate some serious confidential data, set up initial passwords for new users in the form password.2008 or changeme. (Thankfully, I recently convinced both of these clients to implement strong password policies!) I’ve been able to use basic observation and small talk to guess users’ passwords about 20% of the time. The first thing I try is a blank password–you’d be surprised how often that works, especially for home users. Next, I’ll try the user name, the spouse’s name or “password.” I may try a couple of other things, like “123456,” “asdfjkl;” or, believe it or not, “********.” Usually, though, I just ask them for the password and they give it to me.

According to Wikipedia, there are several things many people use as passwords that result in their being predictable:

Repeated research has demonstrated that around 40% of user-chosen passwords are readily guessable because of the use of these patterns:

  • blank (none)

  • the words “password”, “passcode”, “admin” and their derivatives

  • the user’s name or login name

  • the name of their significant other or another relative

  • their birthplace or date of birth

  • a pet’s name

  • automobile license plate number

  • a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters.

  • a row of letters from a standard keyboard layout (e.g., the qwerty keyboard: qwerty itself, asdf, or qwertyuiop)

So, if you want to protect your router and the other devices on your network, never use anything from the above list and apply Golden Rule #4: Use an unguessable, or difficult-to-guess password always.
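The patterns listed above can be turned into a check that runs when a user picks a new password. The following is an added example, not code from the original article; the function names, the US QWERTY rows and the sample values in the comments are assumptions.

```python
import re

# Words from the list above, plus "changeme" from the article's client anecdote.
COMMON_WORDS = ("password", "passcode", "admin", "changeme")
# US QWERTY rows (assumption: other layouts need their own rows).
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./")


def _alnum(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _is_keyboard_walk(lowered):
    """True for 4+ characters from one row, strictly left-to-right or right-to-left."""
    if len(lowered) < 4:
        return False
    for row in KEYBOARD_ROWS:
        if all(ch in row for ch in lowered):
            steps = [row.index(b) - row.index(a) for a, b in zip(lowered, lowered[1:])]
            if all(s > 0 for s in steps) or all(s < 0 for s in steps):
                return True
    return False


def guessable_reasons(password, personal_facts=()):
    """Return the listed patterns a candidate matches (empty list = none found).

    personal_facts: things an observer could learn, such as login name,
    relatives' and pets' names, birthplace, date of birth, license plate.
    """
    if password == "":
        return ["blank"]
    lowered = password.lower()
    reasons = []
    if len(set(password)) == 1:  # e.g. "********" from the article
        reasons.append("one repeated character")
    if any(word in lowered for word in COMMON_WORDS):
        reasons.append("common word")
    if _is_keyboard_walk(lowered):
        reasons.append("keyboard row")
    # Compare with and without prefixed/suffixed digits, forward and reversed.
    full = _alnum(password)
    candidates = {full, full.strip("0123456789")} - {""}
    for fact in personal_facts:
        known = _alnum(fact)
        if candidates & {known, known[::-1]}:
            reasons.append(f"personal fact: {fact}")
    return reasons
```

An empty result only means none of these patterns matched; it says nothing about length or randomness, so it belongs alongside a strong password policy rather than in place of one.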
