Website debuts 'Change Your Password Day'
Administrators of the popular technology blog Gizmodo have taken it upon themselves to improve the online security habits of consumers and business professionals. By declaring February 1 "Change Your Password Day," organizers hope to bring light-hearted attention to the serious shortcomings of most users.
"The only person you can rely on to keep your password secure is yourself. And let me tell you, you're probably not doing enough to keep number one safe," explained Gizmodo columnist Rachel Swaby. "The reason: Your special lump of letters, numbers and symbols are likely spread over too many sites, are not long enough and are probably too personal."
Inadequate password management strategies are by no means a recent development. While most users have failed to evolve, cybercriminals have leapt light years ahead. To demonstrate just how easy it is for the properly equipped hacker to crack a password, Tech Herald writer Steve Ragan recruited some colleagues to examine the hundreds of thousands of hashed combinations that were released by Anonymous following its breach of security firm Stratfor.
Ragan suggested that his team was able to crack some of the simplest passwords in less than one second. Easy-to-guess codes like "123456" and "123qwe" provided the first round of successful attempts, and some of these combinations even mapped to the accounts of Stratfor's government clients. But perhaps more concerning, the tools used by the impromptu Tech Herald task force were by no means the most powerful options available.
"This is something else that should make administrators and executives take note. We didn't do anything advanced to obtain our list of passwords. We spent no money," Ragan cautioned. "There was no grid cracking or cloud hosting, just a desktop and about 400MB worth of words. Anyone can do this, it's as simple as loading the hashes, word lists, starting the cracking process and walking away."
With these chilling revelations in mind, Swaby and her Gizmodo colleagues are hoping to see a large turnout for, as she described it, "the most boring - but safest! - celebration ever." Event organizers acknowledge that changing passwords once a year should not be the final destination. Instead, exploring other expert-recommended techniques like using password manager software to avoid password recycling will be needed to make lasting improvements in online security.