{"id":308,"date":"2014-08-18T18:32:06","date_gmt":"2014-08-18T18:32:06","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=308"},"modified":"2014-08-18T18:32:06","modified_gmt":"2014-08-18T18:32:06","slug":"your-complex-password-isnt-much-safer-than-12345","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/","title":{"rendered":"Your Complex Password Isn&#8217;t Much Safer than 12345"},"content":{"rendered":"<p><a href=\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345-300x135.jpg\" alt=\"Your Complex Password Isn&#039;t Much Safer than 12345\" width=\"300\" height=\"135\" class=\"alignleft size-medium wp-image-312\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345-300x135.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg 600w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a>Many organizations have password creation standards that force you to create a &#8216;complex&#8217; password when creating an account or profile, based off of the assumption that a complex password will be much harder to hack than a simple one. 
Turns out that assumption may be faulty, according to the computer security company Hold Security and Wired magazine&#8217;s Robert McMillan, in the wake of <a href=\"https:\/\/money.cnn.com\/2014\/08\/05\/technology\/security\/russian-hackers-theft\/\" target=\"_blank\">the recent massive theft of 1.2 billion online credentials<\/a> by Russian cyber-criminals.<\/p>\n<p>From Wired:<\/p>\n<blockquote><p>Some of these may be incredibly complex passwords\u2014with lots of jumbled numbers and symbols. And some may be incredibly simple\u2014using just the simplest of English words, like, say, \u201cpassword.\u201d But after the hack, most all of them have left their users vulnerable to attack. According to Alex Holden, Hold Security\u2019s founder, the \u201cvast majority\u201d of the passwords he uncovered had been stored in plain text on company servers.<\/p><\/blockquote>\n<p>If hackers can simply steal passwords stored in plain text, that complex password you spent 10 minutes trying to set up through an organization&#8217;s strict password creation guidelines will be just as useless as &#8216;password&#8217; or what Mel Brooks&#8217; character &#8216;President Skroob&#8217; in <em>Spaceballs<\/em> uses as the combination to his luggage.<\/p>\n<p>Big, nasty, complex passwords have other drawbacks, too. As Wired points out, passwords force the user to do all the work, and the more work a user has to do, the more likely they are to circumvent the system with that famous yellow sticky note on the computer monitor with the password on it. This situation becomes even more likely if you have to replace that complicated, hard-to-remember password every 3 months. Additionally, sometimes &#8220;complex&#8221; passwords turn out to not be that complex after all, at least for some password-cracking tools:<\/p>\n<blockquote><p>Here\u2019s an example: some systems force you to choose an eight-character password, using capital letters, numbers and at least one number. 
That sounds pretty secure, but it\u2019s not. The word P@ssw0rd fits these criteria and password cracking tools such as John the Ripper or hashcat will guess it in minutes. That\u2019s because they use something called \u201cmangling rules\u201d which take dictionary words and substitute letters such as a for @ or s for $.<\/p><\/blockquote>\n<p>The only way to make a good, truly complicated password is for it to be randomly generated, according to Cormac Herley, a Microsoft researcher with expertise in passwords and security systems. However, we humans are <em>really<\/em> bad at being random, and even worse at remembering something that is randomly generated. And even if you do have a photographic memory, all will be for naught if that password is stored in an unencrypted plain text file on an insecure server.<\/p>\n<p>McMillan believes that System Admins need to shoulder more of the identity and access management burden, specifically by finding &#8220;other ways&#8221; to secure their systems. A good place for Sys Admins to start, however, is by making sure those passwords stored in their servers aren&#8217;t so easily snatched.<\/p>\n<p>Nevertheless, it may be time for you to think about moving beyond password-only systems of authentication, according to McMillan:<\/p>\n<blockquote><p>pinning your security on an insanely complex password is a fool\u2019s wager. Just ask the people running the airline, travel and social networking sites that got hacked by&#8230; Russian hackers.<\/p><\/blockquote>\n<p>Good words as any to end on.<\/p>\n<p>For the Wired article by McMillan, click <a href=\"https:\/\/www.wired.com\/2014\/08\/passwords_microsoft\/\" target=\"_blank\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many organizations have password creation standards that force you to create a &#8216;complex&#8217; password when creating an account or profile, based off of the assumption that a complex password will be much harder to hack than a simple one. 
Turns out that assumption may be faulty, according to the computer security company Hold Security and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":312,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Complex Passwords Are No Better Than Simple Passwords<\/title>\n<meta name=\"description\" content=\"Easily hackable servers storing unencrypted text files of users&#039; log in credentials renders even the best passwords transparent to cyber criminals.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Doug Atkinson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/\",\"name\":\"Complex Passwords Are No Better Than Simple Passwords\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg\",\"datePublished\":\"2014-08-18T18:32:06+00:00\",\"dateModified\":\"2014-08-18T18:32:06+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\"},\"description\":\"Easily hackable servers storing unencrypted text files of users' log in credentials renders even the best passwords transparent to cyber 
criminals.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg\",\"width\":600,\"height\":270,\"caption\":\"Your Complex Password Isn't Much Safer than 12345\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Your Complex Password Isn&#8217;t Much Safer than 12345\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services\",\"description\":\"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae\",\"name\":\"Doug Atkinson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g\",\"caption\":\"Doug Atkinson\"},\"description\":\"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of Massachusetts.\",\"sameAs\":[\"https:\/\/solutionsreview.com\"],\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/doug-atkinson-4\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Complex Passwords Are No Better Than Simple Passwords","description":"Easily hackable servers storing unencrypted text files of users' log in credentials renders even the best passwords transparent to cyber criminals.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/","twitter_misc":{"Written by":"Doug Atkinson","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/","url":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/","name":"Complex Passwords Are No Better Than Simple Passwords","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg","datePublished":"2014-08-18T18:32:06+00:00","dateModified":"2014-08-18T18:32:06+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae"},"description":"Easily hackable servers storing unencrypted text files of users' log in credentials renders even the best passwords transparent to cyber 
criminals.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2014\/08\/Your-Complex-Password-Isnt-Much-Safer-than-12345.jpg","width":600,"height":270,"caption":"Your Complex Password Isn't Much Safer than 12345"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/your-complex-password-isnt-much-safer-than-12345\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"Your Complex Password Isn&#8217;t Much Safer than 12345"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Best Identity Access Management (IAM) Software, Tools, Vendors, Solutions, &amp; Services","description":"Identity Access Management (IAM) News, Best Practices and Buyer&#039;s 
Guide","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/5992f02d38e7b28251ad933cd131dcae","name":"Doug Atkinson","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/092cfcbe5c7f2c185c21f152aada2d2f?s=96&d=mm&r=g","caption":"Doug Atkinson"},"description":"An entrepreneur and executive with a passion for enterprise technology, Doug founded Solutions Review in 2012. He has previously served as a newspaper boy, a McDonald's grill cook, a bartender, a political consultant, a web developer, the VP of Sales for e-Dialog - a digital marketing agency - and as Special Assistant to Governor William Weld of 
Massachusetts.","sameAs":["https:\/\/solutionsreview.com"],"url":"https:\/\/solutionsreview.com\/identity-management\/author\/doug-atkinson-4\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/308"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=308"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/308\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/312"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=308"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=308"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=308"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}