While some security experts are predicting passwords will be extinct by 2025, most organizations still face the seemingly herculean task of managing password security across the hundreds, and sometimes thousands, of systems, databases, and applications that run their businesses and store their sensitive data. In his recent post, Naked Security author Paul Ducklin writes about the hack of the European Space Agency (ESA), which was carried out by the hacking collective Anonymous. The group leaked several files from the hack online, which provide some interesting insight into ESA's password management practices and a few things security managers may want to keep in mind:
- 40% of the more than 8000 alleged passwords dumped in the breach were three characters long, and more than a third of the rest were no longer than 8 characters.
- The 8-character passwords included two of the worst passwords possible: "password" and "12345678".
- 2% of the passwords were 14 characters or longer, which suggests that some passwords may have been stored in clear text.
Based on our experience, these issues are not that uncommon.