IT security and control firm Sophos is urging all computer users
to assess the strength of their passwords and ensure that they are
choosing unique and multiple passwords for every different
sensitive account in order to thwart hackers and protect their
personal and corporate identities.
The warning follows numerous recent cyberattacks whereby
fraudsters have bypassed password security in order to break into
web mail and social networking sites. Despite high-profile security
breaches such as
Jack Straw's Hotmail account being compromised, and
access to celebrity Twitter accounts after cracking an
administrator password, a third of computer users are still using
the same password for every website they access according to a
Sophos poll conducted earlier this month*.
According to experts at Sophos, many computer users continue to
overlook the importance of choosing strong passwords. When asked
the same question three years ago, 41 percent admitted to using the
same password for all websites, with just 14 percent always using a
"It's worrying that in three years very few computer users seem
to have woken up to the risks of using weak passwords and the same
ones for every site they visit," said Graham Cluley, senior
technology consultant at Sophos. "With social networking and other
internet accounts now even more popular, there's plenty on offer
for hackers and by using the same password to access Facebook,
Amazon and your online bank account, you're making it much easier
for them. Once one password has been compromised, it's only a
matter of time before the fraudsters will be able to gain access to
your other accounts and steal information for financial gain."
Sophos advises all computer users to ensure they don't use
dictionary words as passwords as it is relatively easy for hackers
to figure these out using electronic dictionaries that simply try
out every word until they get the right one. Furthermore, it's
important not to choose common passwords like 'admin' or '1234' as
cybercriminals also check these first. In fact, the Conficker worm
uses lists of 200 common passwords to try and gain access to
other computers on the network, meaning that if one employee is
infected, the whole corporate network could quickly be compromised
if strong passwords are not enforced.
Simple tips for better web
password security from SophosLabs on Vimeo.
"It's easy to understand why computer users pick dictionary
words as they're much easier to remember," continued Cluley. "A
good trick is to pick a sentence and just use the first letter of
every word to make up your password. To make it even stronger, you
can replace words like 'for' for the number 4, and this should give
you peace of mind that your password won't be guessed. While
there's still the issue of having to remember multiple passwords,
there are some good password management systems that will encrypt
all your passwords and only allow you to access them with the
master password - of course, it's essential that this password is
as strong as possible."
* Sophos online survey, March 2009, 676
Disclaimer: Please bear in mind that this poll is not
scientific and is provided for information purposes only. Sophos
makes no guarantees about the accuracy of the results other than
that they reflect the choices of the users who participated.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.