Worried that prying eyes may want to read what you're up to? Then you might want to think about assigning password protection to your documents. But do you know.. In August of 2012, network administrators across the globe noticed a nasty bit of malware known as “Morto”. It works by exploiting the weakest link in any enterprise’s defenses: passwords that are easy to crack. Shockingly, 10% of the cases where Morto gained entrance involved Windows server products that are maintained by IT professionals.
This nasty bit of malware doesn’t spread by overcoming firewalls or defeating state-of-the-art security suites. IT professionals are the sort of people who are supposed to understand the importance of protecting critical systems with strong passwords, but they failed to do so. In this case, however, a worm was gaining access to supposedly secure accounts, many of them high-level ones in corporate and government settings.
Even in this day and age, far too many users rely on simple codes, such as their birthday, their first initial and last name, or the name of their pet or spouse. This is so common that many stage magicians have worked out ways to guess a total stranger’s computer password, merely by asking him or her a few basic questions.
Password recognition apps are like the soldiers that guard the outer perimeters of restricted access facilities. Their duty is to admit no one who doesn’t have the proper entrance code. Still, there are plenty of programs, many of which are easily found on the Internet, that will enable a potential thief to launch sustained attacks on a target’s systems by trying to guess their password. Most of them work by launching either a brute force assault or a dictionary attack.
Brute force attacks, also known as exhaustive key searches, are the less sophisticated of the two methods. They rely on simply trying random guesses until the correct password is found.
Dictionary attacks are a more nuanced approach to password cracking. They start with the most likely codes and work toward the less probable ones. In doing this they rely on the listings contained in a dictionary of the password creator’s native language, or some other commonly referenced source such as the Bible.
There are several key steps we can all take to help safeguard against Morto and other attempts to gain unauthorized access to our data. These include:
We might be so enthused about “will you marry me this summer,” like this: “wymmts!” Additionally, we could top it off with a digit or two, such as “2013” (avoid using your birth year). This gives us a final code of “WymmtS13,” which, as we’ll soon see, is a challenging one to decipher.
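The two attack styles described above can be turned into a check run before a password is accepted. The following is an added example, not part of the original article: it scores a candidate against exhaustive search and against the early guesses a dictionary-style attack would make. The wordlist, the profile and the function names are constructed for illustration.

```python
import math
import string

# Constructed sample data; a real audit would load a full wordlist and the
# account holder's actual directory attributes.
WORDLIST = {"password", "summer", "dragon", "welcome", "letmein"}
PROFILE = {"first": "John", "last": "Smith", "pet": "Rex",
           "spouse": "Mary", "birthdate": "19790412"}  # YYYYMMDD

def keyspace_bits(password):
    """Exhaustive-search cost in bits, from length and character classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def guessable_reasons(password, profile):
    """List the reasons a dictionary-style guesser would try this password early."""
    # Strip leading/trailing digits and symbols to expose the base word.
    core = password.lower().strip(string.digits + string.punctuation)
    first, last = profile["first"].lower(), profile["last"].lower()
    personal = {first, last, first[0] + last,
                profile["pet"].lower(), profile["spouse"].lower()}
    b = profile["birthdate"]
    y, m, d = b[:4], b[4:6], b[6:]
    birth_forms = {y, y[2:], m + d, d + m, m + d + y, d + m + y, b}
    digits = "".join(c for c in password if c.isdigit())
    reasons = []
    if core in WORDLIST:
        reasons.append("dictionary word")
    if core in personal:
        reasons.append("personal detail")
    if digits in birth_forms:
        reasons.append("birth date")
    return reasons

if __name__ == "__main__":
    for pw in ("WymmtS13", "Summer2013", "jsmith", "rex", "04121979"):
        verdict = guessable_reasons(pw, PROFILE) or "no early guess"
        print(f"{pw:12} {keyspace_bits(pw):5.1f} bits  {verdict}")
```

“Summer2013” scores more exhaustive-search bits than “WymmtS13” yet is flagged as a dictionary word, which is why length and character mix alone are not a sufficient acceptance test.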
The flip side of creating such remarkably difficult passwords, of course, is the problem with remembering them all. This is especially true for those who have access to a large number of systems.
Security experts make the following recommendations in such cases:
In today's environment, security should not be just a defense strategy against external threats; it should also deliver proactive protection against data loss from internal sources.