29 October, 2015 by Tom Collins
Guarding against password theft is a serious business. There have been some high-profile security hacks, e.g. TalkTalk. Password dumps appear regularly on various sites, in clear text. A security researcher, Mark Burnett, went one step further and collected 10 million passwords, gathered from the various password dumps.
An analysis of the passwords used reveals an interesting profile of password selection.
For example, the Most Used Base Phrase (4+ characters):
1. passwords
2. qwerty
3. qwer
4. dragon
5. qazwsx
6. alex
7. love
8. monkey
9. master
10. shadow
These are very easy passwords to crack, and most offline password cracking techniques would manage to unmask them.
There are a number of methods to encourage improved password entropy. Password entropy measures how unpredictable a password is, and higher entropy makes the password harder to crack.
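The following check is an added example, not code from the original post: it screens a candidate password against the ten base phrases listed above and shows why a character-set entropy estimate alone overstates unpredictability. The definition of "base phrase" (longest run of letters, lowercased), the 60-bit threshold and the function names are assumptions made for this illustration.

```python
import math
import re
import string

# The ten most-used base phrases listed in the post.
COMMON_BASE_PHRASES = {
    "passwords", "qwerty", "qwer", "dragon", "qazwsx",
    "alex", "love", "monkey", "master", "shadow",
}

def base_phrase(password):
    """Assumed definition: the longest run of letters, lowercased."""
    runs = re.findall(r"[A-Za-z]+", password)
    return max(runs, key=len).lower() if runs else ""

def charset_entropy_bits(password):
    """Upper bound: length * log2(pool), pool = size of the character classes used.
    Only valid if every character is chosen at random, which users rarely do."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def audit(password, min_bits=60):
    """Return a list of reasons to reject the password (empty list = accept)."""
    reasons = []
    bits = charset_entropy_bits(password)
    if bits < min_bits:
        reasons.append(f"estimated entropy {bits:.1f} bits is below {min_bits}")
    phrase = base_phrase(password)
    if len(phrase) >= 4 and phrase in COMMON_BASE_PHRASES:
        reasons.append(f"base phrase '{phrase}' is in the common list")
    return reasons

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any dump.
    for candidate in ("qwerty", "Dragon2015!", "t7#Vq9!mLz2&"):
        print(candidate, round(charset_entropy_bits(candidate), 1), audit(candidate))
```

"Dragon2015!" clears the 60-bit estimate because it mixes four character classes, yet it is rejected on its base phrase, which is the pattern the analysis above describes.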
Before you do anything, ensure there is a solid SQL Server Security Policy and a regular SQL Server - Database Server Security Audit Process ...
For full details of the analysis on the 10 million passwords
Find Weak passwords in SQL Server - SQL Server DBA
How to create a SQL Server Security Audit - SQL Server DBA
Database Server Security Audit Process - SQL Server DBA
Find who made a database security change - SQL Server DBA