13 reasons why passwords are not secure

It is not a good idea to use username and a static password as the authentication method for logins, since it dramatically increases the risk of unauthorized access to services and information. Stefan Sundh, user authentication specialist at identity and security company Nexus Group, gives you the 13 reasons why passwords are not secure.

  1. Users often reuse the same password for different services.
    “This means that if the password for one service gets into the wrong hands, unauthorized people can not only get access to that particular service but also to a range of other services,” says Sundh.
  2. Many people do not change default passwords immediately, which means that it is easy for unauthorized people to gain access.
    “Default passwords are often publicly available in manuals, and they are often also pretty easy to guess. In addition, it is not at all uncommon that they are publicized in hacker forums,” says Sundh.
  3. Passwords are often shared amongst users.
    “This means that organizations cannot be sure of who actually has access to services and information,” says Sundh.
  4. Users tend to keep the same password for a long time.
    “If an unauthorized person gets their hands on the password, they can keep using it for unauthorized access for an equally long time,” says Sundh.
  5. Password-cracking tools are getting really good at guessing passwords.
    “The technological advances within this area go really fast – it is just a matter of time before passwords that are considered strong today will be rendered breakable,” says Sundh.
  6. People often use too weak passwords.
    “This can even make it possible for people to guess the password without the aid of brute force tools,” says Sundh.
  7. Passwords are easily stolen through social engineering.
    “There are an endless range of methods, for example, convincing emails or spoofed websites where people are asked to share their username and password. And a surprisingly large percentage of people actually do share their login information when asked to,” says Sundh.
  8. Passwords are sometimes sent over unsecure networks, which makes them easy to steal.
    “You know that Wi-Fi on your favorite café? It is most probably an unsecure network,” says Sundh.
  9. Organizations’ password databases get hacked much more often than most people care to realize.
    “In many cases, the hacker attack never gets noticed by anyone, or it takes a long time for anyone to notice. This means that the hackers meanwhile can use the passwords as much as they like to access all kinds of sensitive information,” says Sundh.
  10. Users often write down passwords, for example on sticky notes.
    “This of course makes the passwords very easy to steal,” says Sundh.
  11. Passwords can be stolen by malware equipped with key logger components.
    “Someone wanting your password can get hold of this kind of software very easily,” says Sundh.
  12. If a password gets into the wrong hands, unauthorized people can access the service and its information without anyone noticing.
    “The user has no clue that someone else is accessing the service using their password. And maybe even worse: the organization providing the service does not know, which means that external people can steal company sensitive information unnoticed,” says Sundh.
  13. Organizations often fail to remove user accounts and their passwords when employees quit their jobs, which gives them access to information they should no longer have access to.
    “This is so common – it is just crazy, there is no other way to put it,” says Sundh.

 

Published 29 March, 2017

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At Technology Nexus Secured Business Solutions AB, corp. ID no. 556258-0414, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.