Leave a comment

Hackers' passwords are just as bad as anyone else's

Hackers' passwords are just as bad as anyone else's
Photo courtesy of Shutterstock

I'm always telling you that the best way to combat hackers is with strong passwords. So, you would assume that hackers probably use good passwords themselves.

Well, you'd be wrong.

A researcher at security company Avast by the name of Antonín Hýža spent some time analyzing how easy it would be to crack a hacker's passwords.

He pulled up 40,000 samples of hacker communities, databases, backdoors and viruses, and was shocked to discover that about 4 percent of them had passwords that were easily to crack.

The hackers had some of the same flaws as major companies in recent data breaches. They didn't encrypt the passwords - or encrypted them in the laziest way possible.

Then there was the password length and complexity. Most skilled hackers understand the importance of something called "keyspace." Keyspace is the amount of possible variables that a hacker will have to test before discovering your password.

A long password with characters that are uppercase, lowercase and include symbols has a good keyspace. The hackers we're talking about mostly used six-letter passwords and easily guessable words to protect their illegal activities. That's exactly what I tell you NOT to do.

In case you're wondering how creative a hacker is when it comes to password creation, I'll let Hýža get the last word.

"There [were] a lot of variations of the word pass and root and also hax was used many times, but if I omit one common 4-letter word, the most frequently used word in this dictionary is hack."

If your passwords are over 6 characters and don't have the word "hack" in them, well, then you can say that you're at least smarter than at least a few hackers.

Next Story
Source: ArsTechnica
Amazon torpedoes 'The Lego Movie' and '300'
Previous Happening Now

Amazon torpedoes 'The Lego Movie' and '300'

'Oleg Pliss' ransomware hackers arrested in Russia
Next Happening Now

'Oleg Pliss' ransomware hackers arrested in Russia

View Comments ()