• 49% of workers reuse their password with only a simple change

    We often advise clients to change passwords regularly (say every 6 months) and use one which means something to them but can't easily be guessed by an attacker who doesn't know them personally.

    Many computer users make the mistake of trusting the same password to protect their different online accounts, not realising that if one site gets hacked, that may provide the key for hackers to break in elsewhere. Malicious attackers don’t have to do this by hand: they can use credential stuffing techniques to automatically throw databases of stolen usernames and passwords at a site to see which combination will grant them access.

    So it’s important to ensure that all your passwords are unique, as well as being impossible to guess and hard to crack.

  • Recent huge DDoS attack from botnet leveraged easy passwords like '12345' and 'password'

    Recently, security consultant Brian Krebs' website was hit with a giant Distributed Denial of Service attack designed to take his website offline and disrupt his work.
     
    The botnet was made up of nearly 400,000 benign devices such as CCTV cameras, video recorders and routers, all internet-connected as part of the 'Internet of Things' (IoT) and all using weak passwords such as 12345, admin and password. It bombarded the site with 665 Gigabits of traffic per second, beating the previous record of 363 Gbps.
     
    This is entirely the fault of the device manufacturers, who either don't enforce stronger passwords or hard-code the default passwords into the device so that they cannot be changed.