Title: Researchers crack 320 million hashed passwords
Author: Barnicoz Tech
A password research collective has been able to retrieve the plaintext of 99.9999% of the hashed passwords.
Passwords containing numbers and symbols can be quicker to crack.
The list of 320 million passwords was compiled from data breaches.

Security researchers have cracked more than 320 million passwords which were made public in a hashed blacklist.
Password research collective CynoSure Prime has been able to retrieve all but 116 passwords (roughly 99.9999%) from a blacklist of 320 million which was made public in an altruistic attempt to stop people reusing insecure passwords.
In cracking the passwords, the team has shown how much risk users face if the services they use do not apply proper protections when hashing their passwords.
They have also shown how easy it is for criminals to create enormous databases of passwords to use when guessing passwords on people's sensitive accounts.
Passwords are very rarely unique and are often reused across services, despite security experts encouraging users to make them original and as random as possible.
In cracking the hashed database of passwords, the researchers have shown the low standards of security involved in the composition of many passwords - which should be longer and include less predictable characters.
The reuse of insecure passwords can have severe security ramifications, as when hackers successfully compromised dozens of parliamentary email accounts this year after probing parliament's email server.
In cracking the protected passwords, the researchers found more than 70% of passwords were either composed of just lower case characters or lower case characters and numbers, with very few using upper case characters and symbols.
Almost 97% of the passwords were 16 characters or shorter, and very few passwords contained characters which required users to press the control key on their keyboard.
The blacklist of passwords was initially compiled by Troy Hunt, the founder of the "Have I been pwned?" breach monitoring service.
Mr Hunt had released the passwords in a hashed form, which would allow people to check potential passwords against the database to make sure users were not putting themselves at risk.
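The blacklist check and the "proper protections" described above can be combined at sign-up, as in this added example, which is not code from the article, from Mr Hunt or from CynoSure Prime. It assumes the blacklist holds unsalted SHA-1 hex digests (the article does not name the algorithm), uses constructed sample passwords, and picks PBKDF2 parameters as an illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data standing in for the published blacklist.
# Assumption: entries are unsalted SHA-1 hex digests (the article names no algorithm).
CONSTRUCTED_BREACHED = ["password1", "letmein", "qwerty123"]
BLACKLIST = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
             for p in CONSTRUCTED_BREACHED}

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware budget


def is_blacklisted(candidate, blacklist=BLACKLIST):
    """Hash the candidate the same way the list was built and look it up."""
    digest = hashlib.sha1(candidate.encode("utf-8")).hexdigest().upper()
    return digest in blacklist


def store_password(candidate, iterations=PBKDF2_ITERATIONS):
    """Reject known-breached passwords, otherwise derive a salted, slow hash."""
    if is_blacklisted(candidate):
        raise ValueError("password appears in the breach blacklist")
    salt = os.urandom(16)  # per-user salt: identical passwords get different records
    key = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "key": key}


def verify_password(candidate, record):
    """Recompute the derived key and compare in constant time."""
    key = hashlib.pbkdf2_hmac("sha256", candidate.encode("utf-8"),
                              record["salt"], record["iterations"])
    return hmac.compare_digest(key, record["key"])


if __name__ == "__main__":
    for pw in ("letmein", "violet-anchor-ramp-83-tundra"):
        try:
            rec = store_password(pw)
            print(pw, "accepted; login check:", verify_password(pw, rec))
        except ValueError as exc:
            print(pw, "rejected:", exc)
```

The fast unsalted digest is used only to match the format of the published list; the stored record uses a salted, deliberately slow derivation so that a leaked database is far more expensive to crack in bulk.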
