{"id":1145,"date":"2016-02-27T16:22:46","date_gmt":"2016-02-27T16:22:46","guid":{"rendered":"http:\/\/blogs.secure-bits.com\/?p=1145"},"modified":"2016-03-11T22:13:05","modified_gmt":"2016-03-11T22:13:05","slug":"password-complexity-does-it-really-matter","status":"publish","type":"post","link":"https:\/\/blogs.secure-bits.com\/?p=1145","title":{"rendered":"Password complexity, does it really matter?"},"content":{"rendered":"<p>&nbsp;&nbsp;SplashData recently released their annual list of the 25 most widely used bad passwords. The <a href=\"https:\/\/www.teamsid.com\/worst-passwords-2015\/\" target=\"_blank\">blog noted<\/a>, quote:<\/p>\n<blockquote><p><span style=\"color: #008000;\">\u00a0\u00a0\u00a0 &#8220;In SplashData\u2019s fifth annual report, compiled from more than 2 million leaked passwords during the year, some new and longer passwords made their debut \u2013 perhaps showing an effort by both websites and web users to be more secure. However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure.&#8221;<\/span><\/p><\/blockquote>\n<p>&nbsp;&nbsp;The number of leaked passwords in 2015 was much more than two million. Chances are that the actual number is a lot larger. The Ashley Madison security breach in 2015 alone netted the hacker(s) 34 million passwords. While I don\u2019t doubt the authenticity of SplashData and the top 25 list based on their number, the chances are that the analysis is somewhat skewed.<\/p>\n<p>SplashData does provide some advice on password protection via simple tips like this one, quote:<\/p>\n<blockquote><p><span style=\"color: #008000;\">\u00a0\u00a0\u00a0 \u201cUse passwords or passphrases of twelve characters or more with mixed types of characters\u201d<\/span><\/p><\/blockquote>\n<p>&nbsp;&nbsp;&nbsp;Wait\u2026 Weren\u2019t most, if not all, leaked passwords related to websites&#8217; security breaches? 
If they were, what is the difference between the \u201c123456\u201d and the \u201c3pHj1P38JVF4\u201d password? In reality, the difference is nothing, other than the obvious: the end user will have a hard time remembering the twelve-character randomly generated password. Let\u2019s face it, as long as the hacker(s) can download the password database, it does not matter if password complexity is in place or not.<\/p>\n<p>&nbsp;&nbsp;Information Technology (IT)\u00a0people <em>can<\/em> go ahead and ridicule the end users for their choice of passwords. Doing so will result in a couple of funny stories, but the jokes are on them. It\u2019s 2016 and IT people still cannot secure the password databases.<\/p>\n<p>&nbsp;&nbsp;None of this will stop IT people from requiring the end users to use long and complex passwords, use special characters, include upper and lower case letters, have numerals, use different passwords for each account, not write them down, and change them frequently. Doing any combination of the aforementioned will likely not matter. No wonder the end users cringe when the\u00a0IT guys\/gals show up\u2026<\/p>\n<p>&nbsp;&nbsp;None of the top lists would be possible by simply guessing the password or via social engineering. The number of passwords obtained by these means would not be sufficient for statistical purposes. Let\u2019s not throw the end users under the bus and do what needs to be done. Secure the password databases, IT people&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp;&nbsp;SplashData recently released their annual list of the 25 most widely used bad passwords. 
The blog noted, quote: \u00a0\u00a0\u00a0 &#8220;In SplashData\u2019s fifth annual report, compiled from more than 2 million leaked passwords during the year, some new and longer &hellip; <a href=\"https:\/\/blogs.secure-bits.com\/?p=1145\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[44,21,45,46,47,43],"tags":[],"_links":{"self":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/1145"}],"collection":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1145"}],"version-history":[{"count":18,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/1145\/revisions"}],"predecessor-version":[{"id":1167,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=\/wp\/v2\/posts\/1145\/revisions\/1167"}],"wp:attachment":[{"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.secure-bits.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}