10 million passwords unmasked

29 October, 2015 by Jack Vamvas

Guarding against password theft is a serious business. There have been some high-profile security hacks, e.g. Talk Talk. Password dumps appear regularly on various sites, in clear text. A security researcher, Mark Burnett, went one step further and collected 10 million passwords, gathered from the various password dumps.

An analysis of the passwords used reveals an interesting profile of password selection.

For example, the Most Used Base Phrase (4+ characters):

1. passwords
2. qwerty
3. qwer
4. dragon
5. qazwsx
6. alex
7. love
8. monkey
9. master
10. shadow

These are very easy passwords to crack, and most offline password cracking techniques would manage to unmask them.

There are a number of methods to encourage improved password entropy. Password entropy measures how unpredictable a password is, and improved password entropy makes the password harder to crack.
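The following added example (not part of the original article) shows why a common base phrase undermines entropy: it compares a naive character-set entropy estimate with an estimate that accounts for the base phrases listed above. The base-phrase definition (longest run of 4+ letters, lower-cased), the attacker model and all function names are assumptions made for illustration.

```python
import math
import re
import string

# Top base phrases exactly as listed in the article above.
COMMON_BASES = {"passwords", "qwerty", "qwer", "dragon", "qazwsx",
                "alex", "love", "monkey", "master", "shadow"}

# Assumption: the base phrase is the longest run of 4+ ASCII letters,
# lower-cased; everything around it is treated as decoration.
_LETTER_RUN = re.compile(r"[A-Za-z]{4,}")


def split_password(password):
    """Return (prefix, base, suffix); base is '' if no 4+ letter run exists."""
    runs = list(_LETTER_RUN.finditer(password))
    if not runs:
        return password, "", ""
    m = max(runs, key=lambda r: r.end() - r.start())
    return password[:m.start()], m.group().lower(), password[m.end():]


def charset_bits(text):
    """Naive entropy: length * log2(size of the character classes in use)."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    pool = sum(size for test, size in classes if any(test(c) for c in text))
    if any(not c.isalnum() for c in text):
        pool += len(string.punctuation)  # 32 printable ASCII symbols
    return len(text) * math.log2(pool) if pool else 0.0


def assess(password):
    """Compare the naive estimate with one that knows the common bases."""
    prefix, base, suffix = split_password(password)
    naive = charset_bits(password)
    common = base in COMMON_BASES
    if common:
        # Assumed attacker model: try each listed base phrase and brute-force
        # only the decoration around it (casing variations are ignored).
        effective = math.log2(len(COMMON_BASES)) + charset_bits(prefix + suffix)
    else:
        effective = naive
    return {"base": base, "common": common,
            "naive_bits": round(naive, 1), "effective_bits": round(effective, 1)}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any dump.
    for pw in ("monkey", "Dragon2015!", "qwer1234", "T7#vq9Lm"):
        print(pw, assess(pw))
```

A password built on one of the listed base phrases keeps a high naive score because of its added digits and symbols, while the dictionary-aware score shows how little of it an attacker actually has to guess.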

Before you do anything, ensure there is a solid SQL Server Security Policy and a regular SQL Server - Database Server Security Audit Process ...

For full details of the analysis on the 10 million passwords

Read More on SQL Server security checks

Find Weak passwords in SQL Server - SQL Server DBA

How to create a SQL Server Security Audit - SQL Server DBA

Database Server Security Audit Process - SQL Server DBA

Find who made a database security change - SQL Server DBA

 


Author: Jack Vamvas (http://www.sqlserver-dba.com)

