Find strength in numbers

It’s time to toughen up passwords as online companies get hit by the hackers

It’s been a bad few months for password protection. Earlier in July, Yahoo became the latest high-profile company to suffer a significant security breach when up to 450,000 user accounts and passwords thought to be related to Yahoo Voices were stolen by a hacking group and posted on an internet forum. Yahoo Voices is the company’s voice over internet protocol service.

The breach enabled security specialists to highlight some strange password choices by the users of Yahoo Voices. According to an audit of the stolen information carried out by Swedish security firm Eset, almost 2,000 people were using “123456” as their password. Other popular choices included “password”, “welcome” and “abc123”.

The Yahoo hack followed a number of similar attacks carried out against other companies in recent weeks.

Create a strong password

Social Q&A website Formspring was targeted just before Yahoo in a security breach that led to about 420,000 passwords being accessed and posted to an internet forum. This prompted the company to disable all passwords and instruct users to set new ones. “This is a good time to create a strong password,” wrote Formspring CEO Ade Olonoh in a blog post offering advice on how to create passwords that are difficult to crack.

In June, eHarmony, LinkedIn and Last.fm all confirmed password breaches. eHarmony, an online dating company, did not say how many users had been affected, but estimates suggested that the figure could have been about 1.5m. This breach was trumped by networking site LinkedIn, which suffered the theft of 6m passwords, and by online music site Last.fm, which lost 6.5m.

Mike Kelly, security analyst at SpiderLabs, analysed the eHarmony passwords and concluded that they offered “further proof that organisations need to not only store passwords in stronger, salted formats than was previously acceptable, but also need to enforce stronger case-sensitive password policies.” Users, as a whole, still do not understand the need for strong passwords, and will continue to set passwords that meet only the minimum requirements, he said.

By Clive Couldwell