Security companies like ours offer an assortment of technologies and services that organizations can use to protect their data and mount a defense against attackers. It's an essential part of the fight. But security doesn't only have to be about nifty software and shiny boxes.
Did you know that something as simple as forcing users to pick strong passwords can mean the difference between a successful breach and a hacker turning around and looking for a more inviting target?
Yet the beat goes on. Last year, our SpiderLabs researchers discovered a criminally controlled "Pony" botnet server that contained roughly two million stolen account credentials belonging to the users of some of the web's most popular websites, including Facebook, Twitter, LinkedIn and Google. Going back even earlier, we came across other Pony botnet instances. When we put together our 2014 Global Security Report, we decided to tally up the entire cache of stolen credentials and determine which ones were the most popular.
Taking the prize was "123456," followed by "123456789" and "1234." Letters finally turned up in the fourth-most used password, which coincidentally (or not) was "password."
When your employees use poor password practices, they are leaving themselves, and your business, wide open to even the most amateur hackers, who can turn to freely available password cracking software that requires little to no experience. Passwords once thought to be complex enough to make cracking improbable are now able to be reversed in just hours or minutes.
Here are four things organizations should keep in mind when it comes to passwords: