To add to my collection of corporate security tips, I’ve been looking for specific information pertaining to password protection. Passwords are often overlooked, which is unfortunate because poor password protection is like handing over your house keys to a thief. John, one of our IT guys, pointed me in the direction of a recent article from Bloomberg Businessweek, “The Problem With Passwords”. The article contains data compiled from Gartner, Forrester, Duo Security, Imperva and LastBit Software, comparing and contrasting different password lengths. The data included in the article also reports that the most common passwords are 123456, password, 12345678, qwerty and abc123.
Here’s some more interesting information from the article:
Time it takes a hacker’s computer to randomly guess your password:
Length: 6 characters - Lowercase only: 10 minutes; Lowercase and Uppercase: 10 hours; Lowercase, Uppercase, Nos. & Symbols: 18 days
Length: 7 characters - Lowercase only: 4 hours; Lowercase and Uppercase: 23 days; Lowercase, Uppercase, Nos. & Symbols: 4 years
Length: 8 characters - Lowercase only: 4 days; Lowercase and Uppercase: 3 years; Lowercase, Uppercase, Nos. & Symbols: 463 years
Length: 9 characters - Lowercase only: 4 months; Lowercase and Uppercase: 178 years; Lowercase, Uppercase, Nos. & Symbols: 44,530 years
Average amount it costs a business to field a phone call requesting a password reset: $10
Proportion of help desk calls that are password-related: 30%
Users who choose a common word or simple key combination for a password: 50%
Based on this information, organizations might want to require all employees to create a password that’s 9 characters long and contains lowercase and uppercase letters, numbers and symbols. You’ll probably be safe with one that’s 8 characters long, but go with 9 for good measure, because 44,530 years is a pretty long time. This data tells it like it is and shows you just how quickly computers and other systems with poor passwords can be hacked. You can’t afford to have employees make these mistakes within your organization. The information from this article has been printed and hangs in a central location in our office as a reminder for employees.
It might be a good idea for your company to do the same thing. Employees need to be educated about password protection because a password like 12345678 isn’t going to cut it when it comes to protecting files containing confidential information. Hopefully this information serves as a wake-up call for those who don’t take time to consider the importance of their password choices, or those who stick to the same password for everything.
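For the IT folks who would have to enforce the rule suggested above, here is an added example (not from the Bloomberg article or from our office) of a check for the 9-character, four-character-type rule that also rejects the article's five most common passwords. The function names and the guess rate of 500,000 per second are assumptions made for the illustration; the article does not state a rate.

```python
import string

# The five most common passwords reported in the article.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "abc123"}
MIN_LENGTH = 9  # the length recommended in this post
ASSUMED_GUESSES_PER_SECOND = 500_000  # assumption, not a figure from the article

# The four character types the recommended policy requires.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def check_password(candidate):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    # A listed password is tried first by any guesser, so length and
    # character mix cannot rescue it.
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in candidate):
            problems.append(f"missing {name}")
    return problems


def exhaustive_search_seconds(candidate, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to try every string of this length over the types it uses.

    This is the random-guessing figure the table above is about; it says
    nothing about passwords that appear on a common-password list.
    """
    alphabet = sum(len(chars) for chars in CLASSES.values()
                   if any(c in chars for c in candidate))
    return alphabet ** len(candidate) / rate


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("12345678", "abcdef", "Tr4il-Mix!"):
        days = exhaustive_search_seconds(sample) / 86_400
        print(sample, check_password(sample) or "passes", f"{days:,.2f} days")
```

At the assumed rate, six lowercase letters come out at about ten minutes, in line with the first row of the table.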