With the perils of poor passwords fresh in my mind after having written last week about the Gawker hack, I broached the topic to some friends who work in IT at a New Year's Eve party (it sounds painfully boring, I know, but I was looking to see if anyone had any amusing or shocking anecdotes, like the one I mentioned back in November about the Carrie Fisher fanatic who used "Leia" as his corporate password).
Nothing particularly funny came up in the brief exchange (no one, including me, really wanted to talk shop right then), but someone did mention a blog post that I've just now gotten around to checking out, and it just might startle those with bad password habits out of their security stupor. "How I'd Hack Your Weak Passwords," written by John Pozadzides on , lays out exactly how easily and quickly your passwords can be cracked, especially if they can be guessed from personal information that is relatively simple to find or consist of sequential numbers (like those used by far too many Gawker users).
After listing his top 10 guesses, Pozadzides goes on to explain the next method he'd use to gain access to your e-mail, bank accounts or computer in the event that you neglected to create good passwords: brute-force attacks using special cracking software. He provides a link to Insecure.org's list of Top 10 Free Password Crackers and even includes a table that illustrates how long the crack would take based on password characteristics. Mr. Pozadzides meant for this to be a wake-up call, and he succeeds.
While this information is a great reminder to take care when constructing passwords that protect personal information, it's especially useful in a business context. A lot of sensitive, valuable information is put at risk when the only thing that keeps a bad actor from it is your pet's name, "letmein" or "1234."
To help keep this info safe, you should consider developing and enforcing a policy for your organization that lays out guidelines for creating strong passwords. Check out these resources to help get you started: