Cracking the Code on Password Protection

Computer Code

Passwords are often overlooked, which is unfortunate because poor password protection is like handing over your house keys to a thief.

To add to my collection of corporate security tips, I’ve been looking for specific information pertaining to password protection. Passwords are often overlooked, which is unfortunate because poor password protection is like handing over your house keys to a thief. John, one of our IT guys pointed me in the direction of a recent article from Bloomberg Businessweek, “The Problem With Passwords“. The article contains data compiled from Gartner, Forrester, Duo Security, Imperva and LastBit Software, comparing and contrasting different password lengths. The data included in the article also reports that the most common passwords are 123456, password, 12345678, qwerty and abc123.

Password Problems:

Here’s some more interesting information from the article:

Time it takes a hacker’s computer to randomly guess your password:

Length: 6 characters -  Lowercase only: 10 minutes,  Lowercase and Uppercase: 10 hours, Lowercase, Uppercase, Nos. & Symbols: 18 days

Length: 7 characters -  Lowercase: 4 hours, Lowercase and Uppercase: 23 days, Lowercase, Uppercase, Nos. & Symbols: 4 years

Length: 8 characters – Lowercase: 4 days, Lowercase and Uppercase: 3 years, Lowercase, Uppercase, Nos. & Symbols: 463 years

Length: 9 characters - Lowercase: 4 months, Lowercase and Uppercase: 178 years, Lowercase, Uppercase, Nos. & Symbols: 44,530 years

Incident Report Template Pack Free Download

Ready-to-use templates to record environmental, injury, security and general workplace incidents.

Download Templates

Average amount it costs a business to field a phone call requesting a password reset: $10
Proportion of help desk calls that are password-related: 30%
Users who choose a common word or simple key combination for a password: 50%

Employee Education

Based on this information, organizations might want to make it mandatory that all employees must create a password that’s 9 characters long and contains lowercase and uppercase letters, numbers and symbols. You’ll probably be safe with one that’s 8 characters long, but go with 9 for good measure, because 44 530 is a pretty long time. This data tells it like it is and shows you just how quickly computers and other systems with poor passwords can be hacked. You can’t afford to have employees make these mistakes within your organization. The information from this article has been printed and hangs in a central location in our office as a reminder for employees.

It might be a good idea for your company to do the same thing. Employees need to be educated about password protection because a password like 12345678 isn’t going to cut it when it comes to protecting files containing confidential information. Hopefully this information serves as a wakeup call for those who don’t take time to consider the importance of their password choices - or those who stick to the same password for everything.

ARTICLE AUTHOR


VP Sales & Marketing

Ask me a question

Article Published February 23, 2011

Article Tags: