“My advice remains: don’t sleepwalk into a data breach, and use a password manager”
Regular readers will know I’m somewhat obsessed with threat intelligence reports; I suck them up faster than a deranged Dyson in a dust factory. One ransomware attack analysis, however, caught my attention recently because of passwords. I skipped over the bit about local admin passwords that hadn’t been changed for a year (not least as regularly changing passwords isn’t something I advise), and even the fact that they were all the same didn’t surprise me much, sadly. No, what grabbed me was the password of `1qazxcv itself.
Kudos to anyone who immediately spots the problem. Unfortunately, far too many people would think it relatively secure. Well, if you ignore the fact it’s a meagre eight characters long. Putting the length problem to one side for a moment, adding numerical and special characters into the password construction mix is a good thing, right? Sure, mixing upper and lower cases is also recommended. But none of this reveals the problem with `1qazxcv: to crack this code you need to focus less on the construct and more on the construction.
Take a look at the keyboard and you’ll see it’s a typical “keyboard walk” password where the characters are all connected within an easy-to-remember pattern. Easy to remember, yep, and easy for
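The keyboard-walk pattern described above can be detected mechanically. The following Python code is an added example, not part of the original article: it maps a US QWERTY layout to key coordinates and measures the longest run of physically neighbouring keys in a password. The row offsets, the function names and the min_run threshold of 4 are assumptions chosen for illustration.

```python
# Added example: flag "keyboard walk" passwords on a US QWERTY layout.
# Row offsets and the min_run threshold are assumptions for illustration.

ROWS = [  # (keys left to right, x position of the first key, in key widths)
    ("`1234567890-=", 0.0),
    ("qwertyuiop[]\\", 1.5),
    ("asdfghjkl;'", 1.75),
    ("zxcvbnm,./", 2.25),
]
# Shifted symbols are typed on the same physical key as their base character.
SHIFTED = dict(zip('~!@#$%^&*()_+{}|:"<>?', "`1234567890-=[]\\;',./"))

# Map each unshifted key to (row, x) so physical distance can be compared.
POS = {key: (row, start + i)
       for row, (keys, start) in enumerate(ROWS)
       for i, key in enumerate(keys)}


def key_pos(ch):
    """Return (row, x) of the key that types ch, or None if it is not mapped."""
    ch = SHIFTED.get(ch, ch.lower())
    return POS.get(ch)


def adjacent(a, b):
    """True if characters a and b are typed on neighbouring keys."""
    pa, pb = key_pos(a), key_pos(b)
    if pa is None or pb is None:
        return False
    d_row, d_x = abs(pa[0] - pb[0]), abs(pa[1] - pb[1])
    return (d_row == 0 and d_x == 1) or (d_row == 1 and d_x < 1)


def longest_walk(password):
    """Length of the longest run of characters on consecutively adjacent keys."""
    best = run = 1 if password else 0
    for prev, cur in zip(password, password[1:]):
        run = run + 1 if adjacent(prev, cur) else 1
        best = max(best, run)
    return best


def is_keyboard_walk(password, min_run=4):
    """Flag a password containing a walk of at least min_run keys."""
    return longest_walk(password) >= min_run


if __name__ == "__main__":
    for pw in ["`1qazxcv", "1qaz2wsx", "Zxcvbnm!", "correct horse"]:
        print(f"{pw!r}: walk={longest_walk(pw)} flagged={is_keyboard_walk(pw)}")
```

Every one of the eight characters in the article's example password sits next to the previous one, so character-class rules pass it while an adjacency check like this rejects it.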