Easy-to-guess passwords still in common use: Trustwave

Security vendor finds people are still using simple passwords such as “password1” online


Fifty per cent of users, including employees, are still using simple passwords that can be easily guessed, according to Trustwave’s global security report.

It claims “password1” is the most common choice for users.

As for why this is the case, Trustwave managing consultant, Marc Bown, said it comes down to education.

“Everyone in IT security has talked about education about passwords,” he said.

“However, the feedback has been that even if someone is told to have a good password a hundred times, they still won’t do it.”

The problem is that only telling people to have a good password is not enough.

“They have to be told why they need to have a good password, because most users don’t understand,” Bown said.

The majority of users do not think passwords are a “big deal” and do not look at the “big picture to make a risk assessment” on how important their password is.

Thus, Bown said the key is to educate them on why they need a good password, as well as how to get one.

“Most people complain about changing their password and not being able to remember it, because it needs to be a stupid combination of numbers and letters,” he said.

“What we know as an industry is that it doesn’t need to be a stupid combination of numbers and letters, as that does not really slow down an attacker much.”

Instead, it is really about the length of the password, so Bown said the most important thing a user can do is to pick a longer password.

“Teaching users how to pick a longer password and how to remember it, such as a sentence, is a thing that we can do,” he said.

Another thing that has become relevant with passwords in the last year is password re-use.

With the proliferation of online services, Bown said most users will use the same password everywhere, such as their login for work, for blogs or social networks.

“As more and more sites become compromised, there are massive username and password lists that are sourced from those compromises and available on the Internet,” he said.

For that reason, Bown said it is important for people not to use the same passwords on services that could become compromised, thereby disclosing their password.

“People are looking at those password lists and using them to crack into other services to target individuals,” he said.

Other key findings in the report included an average of 210 days from the time of a security compromise to the time of detection.

“It’s a really long time and an attacker can do a lot in that period, because they’re not being detected,” Bown said.

Mobile menace

When it came to mobile malware, Trustwave’s report found that there was a 400 per cent increase last year, particularly on Android.

Bown said this number is “about economics.”

“The attackers do this stuff for a reason, whether it is financially motivated or for an ideological reason,” he said.

On the financial front, as long as cyber criminals are making money out of this, they will come up with methods to compromise things.

“While there may be controls in place to prevent malware, so long as those are making money out of this, and they are, they’ll continue to do it and look for new ways,” Bown said.

So far, most of the malware Trustwave has seen on Android is SMS-stealing or SMS-sending malware.

“They put an app up that looks legitimate and they will get people to download it,” Bown said.

“In the background the app will send SMS’ to premium rate numbers operated by the person who did the app.”

While Bown admits these types of activities are “not especially advanced,” he adds that the safeguards in place are “fairly rudimentary.”

“In the last 18 months, Google Play has had some controls that attempted to detect malware within applications uploaded to the marketplace, but there are a large number of third party marketplaces within the Android ecosystem,” he said.

Bown adds that it is mainly in the third party app stores where malware is being found.

Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.
