Posted on August 17, at 10:12 AM

Online giant Google recently released the findings of its broad study about password habits. The results show why cybercriminals keep using so-called password spraying attacks online: the user community is incredibly naive and continually sticks with the same old passphrases, even when users have been repeatedly warned that they have been hacked.

The results of the study are extremely worrying from a security standpoint: Google shows that people are sticking with passwords that have already been hacked, and it is increasingly evident that bad habits at the time of choosing a passphrase are very difficult to modify. People keep ignoring even the most basic security tips, and they look away when they get warnings about possible breaches.

Getting to Know the Password Spraying Technique

The password spraying approach has been gaining steam as a brute-force technique, or as a way to guess passphrases and dodge security systems that lock a user account after a specific number of wrong guesses has been entered.

Even officials of the American government recently warned people that Iranian cybercriminals have been implementing the password spraying approach in order to inject dangerous malware on specific networks. They used the technique to hack Citrix, a known tech firm, and subsequently steal lots (approximately 6 TB) of valuable data.

Just as a water spraying machine ‘sprays’ the
liquid over the lawn or any other chosen setting, password spraying refers to a
hacker or group collecting a huge number of account usernames and then clicking
or tapping the login button with some of the worst and most straightforward to
guess passwords. Playing by the odds, at least a small percentage of the
attempts will result in a successful login.
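A defender's view of the pattern described above, as an added example that is not part of the original article: a spraying source fails against many accounts while guessing only once or twice per account, so per-account lockout never fires and the signal has to be counted per source instead. The log format, thresholds, usernames and addresses below are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "timestamp source_ip username result".
# Source addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2019-08-17T10:00:01 203.0.113.7 alice FAIL
2019-08-17T10:00:03 203.0.113.7 bob FAIL
2019-08-17T10:00:04 198.51.100.20 admin FAIL
2019-08-17T10:00:05 203.0.113.7 carol FAIL
2019-08-17T10:00:06 198.51.100.20 admin FAIL
2019-08-17T10:00:07 203.0.113.7 dave FAIL
2019-08-17T10:00:08 198.51.100.20 admin FAIL
2019-08-17T10:00:09 203.0.113.7 erin FAIL
2019-08-17T10:00:10 192.0.2.55 heidi FAIL
2019-08-17T10:00:11 203.0.113.7 frank OK
2019-08-17T10:00:20 192.0.2.55 heidi OK
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window per source
MIN_USERS = 5      # assumed: distinct accounts with failures from one source
MAX_PER_USER = 2   # assumed: guesses per account stay under the lockout limit

def detect_spraying(log):
    """Map each spraying source to the accounts it targeted and logged in to."""
    failures = defaultdict(deque)   # source -> (time, user) failures in WINDOW
    successes = defaultdict(set)    # source -> users with a successful login
    targets = defaultdict(set)      # flagged source -> users it failed against
    for line in filter(str.strip, log.splitlines()):
        ts, ip, user, result = line.split()
        ts = datetime.fromisoformat(ts)
        if result == "OK":
            successes[ip].add(user)
            continue
        window = failures[ip]
        window.append((ts, user))
        while ts - window[0][0] > WINDOW:   # drop failures older than WINDOW
            window.popleft()
        per_user = defaultdict(int)
        for _, name in window:
            per_user[name] += 1
        # Many accounts, few guesses each: per-account lockout never triggers.
        if len(per_user) >= MIN_USERS and max(per_user.values()) <= MAX_PER_USER:
            targets[ip].update(per_user)
    return {ip: {"targets": sorted(users), "logged_in": sorted(successes[ip])}
            for ip, users in targets.items()}

if __name__ == "__main__":
    for source, hit in detect_spraying(SAMPLE_LOG).items():
        print(source, hit)
```

Accounts listed under `logged_in` for a flagged source are the ones to review and reset first; the repeated failures against `admin` from a single source are ordinary brute force, which account lockout already covers.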

The Five of the Hacked Passwords

According to ’s team of cybersecurity
experts, the most commonly used passwords in spraying attacks are ‘123456’,
‘password,’ ‘000000’, ‘1qaz2wsx’, and ‘a123456’. Those are the top five.

Google’s insight on the matter comes from the 670,000 Chrome browser users who installed the Password Checkup extension. That’s where it got the information about password habits to conduct the study.

Such a tool has been available since February 2019, has received positive feedback, and has been compared with Firefox’s Monitor breach-alert service. The latter offering draws on compromised data gathered by the Have I Been Pwned specialists.

Google’s data is broad enough for it to know that roughly four billion credentials have already been compromised at some point. That’s why the Password Checkup service can warn users if their password has ever been breached by a hacker or if it is totally secure. More often than not, however, users ignore the fact that their credentials have been breached.

By the Numbers

Google knows that approximately 1.5 percent of more than 21 billion login attempts relied on breached credentials, and these were spread across 746,000 domains all over the Internet.

Of all login attempts, 3.6 to 6.3 percent of those made on video services and porn platforms used compromised credentials. Approximately 1.9 percent of the login attempts on news sites used previously breached passwords, with the shopping, email, and finance sectors being the next closest.

Google made it known that 25.7 percent of the alerts that it issues to users don’t result in a password change, but 26.1 percent of them do trigger a modification. Of those who opt to alter their credentials for enhanced security, 60 percent of them aren’t vulnerable to guessing attacks.

Google’s staffers and researchers defend the notion that their Chrome extension is significantly better than the systems that Have I Been Pwned and Firefox Monitor implement.

The researchers at Google also say that the
rival services are vulnerable to exploits, as well, because of the tradeoff
that they accept: they sacrifice privacy and share lots of account details on
unauthenticated channels.

Article Name

According to Google, People Have Terrible Password Habits and Constantly Use Hacked Credentials

Author

Ali Raza

Publisher Name

Koddos
