In 2012, a Norwegian researcher reported on a computer cluster that he’d developed for password cracking. Using five servers and 25 graphics cards, he used virtualisation software to run a program that could guess 350 billion passwords per second. It was estimated that it could guess every eight-character password, including those containing a combination of letters, symbols, and numbers, within five-and-a-half hours. This method of password guessing, known as ‘brute-forcing’, is now a common approach taken by hackers.
Cyber attackers also attempt to break passwords using social engineering techniques, such as phishing, pretexting and baiting. You might be surprised by how much of your personal information is available on the internet via Facebook, Instagram and LinkedIn. ‘Public’ social media accounts can reveal all the following about you: your birthday; middle name; mother’s maiden name; school; children’s’ names; home address; pet name; favourite sports team; place of work; email address; and phone number. All this information can be used by hackers to help crack your passwords.
So, how confident are you in your password security?
Do not despair; regardless of how weak your password is, if you introduce MFA to your user authentication process, a single password alone won’t be enough for a hacker to access your IT network.