Your Password Isn’t Safe: 90% Are Vulnerable to Hacking, Says Report
More than 90% of user-generated passwords will be vulnerable to hacking, the report, prepared by Deloitte’s Canadian Technology, Media & Telecommunications arm, said. Even those passwords traditionally considered strong — with eight characters and a combination of numbers, letters and symbols — are at risk.
Such a password chosen from all 94 characters available on a standard keyboard is one of 6.1 quadrillion possible combinations. It would take about a year for a relatively fast 2011 desktop computer to try every variation, Deloitte says.
“Most people put a capital letter at the beginning, and if you use a symbol, you probably use an exclamation mark,” says Richard Lee, national managing partner in Deloitte’s Technology, Media & Telecom group.
The bigger problem, however, is password re-use, says Lee. Deloitte notes advances in the hardware used to crack passwords that have made sensitive information increasingly vulnerable.
“A dedicated password-cracking machine employing readily available virtualization software and high-powered graphics processing units can crack any eight-character password in 5.5 hours,” the Deloitte report said.
Added layers of protection
Consumers are probably noticing that they must go through an extra layer or two of protection to access some of their valuable accounts. Many of these have been implemented in response to the increasing threat of hacks.
“The utilization of online banking and e-commerce continues to increase, even though these incidents [of fraud and hacking] are publicized,” says Peter Beardmore, senior director of product marketing at Kaspersky, an IT security firm.