Short Passwords Make You the Target

November 23, 2021

Here we go again. Microsoft has provided more data showing that poor password hygiene puts you in the crosshairs of cybercriminals. According to a post on The Record, attackers try to brute force shorter passwords and don’t waste their time trying to crack longer ones. Data collected from Microsoft’s honeypot servers indicates that attackers primarily try to guess short passwords and direct very few attacks against long and complex passwords. Ross Bevington, a security researcher at Microsoft, said, “I analysed the credentials entered from over 25 million brute force attacks against SSH. This is around 30 days of data in Microsoft’s sensor network. 77% of attempts used a password between 1 and 7 characters. A password over 10 characters was only seen in 6% of cases.” Of the captured sample data, only 7% of the brute force attempts included a special character and 39% had at least one number.

What’s the message here? If your password is 7 characters or fewer, it falls in the length range that more than 75% of brute force attempts target. You can get that number down to single digits with a password of at least 10 characters. Our recommendation is to use a password of 14 characters or more. That should make you pretty safe from brute force attacks. Of course, you don’t want to use dictionary words, which are easy to crack even when they contain a lot of letters.
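As an added example (not code from the original post or from Microsoft), the sketch below profiles the passwords attempted against a honeypot using the same buckets as the quoted analysis, plus the share of attempts that would even reach a 14-character minimum, so you can compare your own sensor data with those figures. The tab-separated log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import string
from collections import Counter

# Constructed sample attempts: (timestamp, source IP, username, password).
# The IPs are documentation addresses; none of this is real capture data.
_ROWS = [
    ("2021-11-01T00:00:01Z", "192.0.2.10", "root", "123456"),
    ("2021-11-01T00:00:02Z", "192.0.2.10", "admin", "admin"),
    ("2021-11-01T00:00:03Z", "192.0.2.11", "root", "root"),
    ("2021-11-01T00:00:04Z", "192.0.2.11", "test", "test123"),
    ("2021-11-01T00:00:05Z", "198.51.100.7", "user", "qwertyuiop"),
    ("2021-11-01T00:00:06Z", "198.51.100.7", "root", "password"),
    ("2021-11-01T00:00:07Z", "198.51.100.7", "admin", "P@ssw0rd"),
    ("2021-11-01T00:00:08Z", "198.51.100.8", "oracle", "oracle"),
    ("2021-11-01T00:00:09Z", "198.51.100.8", "ubuntu", "changeme2021"),
    ("2021-11-01T00:00:10Z", "198.51.100.9", "root", "1q2w3e"),
]
SAMPLE_LOG = "\n".join("\t".join(r) for r in _ROWS) + "\nmalformed line without tabs\n"

KEYS = ("len_1_7", "len_8_10", "len_over_10",
        "meets_policy_min", "has_special", "has_digit")

def parse_line(line):
    """Return the attempted password, or None if the line is malformed."""
    # maxsplit=3 keeps any tab characters inside the password itself.
    parts = line.split("\t", 3)
    if len(parts) != 4 or parts[3] == "":
        return None
    return parts[3]

def profile(log_text, policy_min=14):
    """Percentage of attempts per length bucket and character class."""
    passwords = [p for p in map(parse_line, log_text.split("\n")) if p is not None]
    total = len(passwords)
    if total == 0:
        return {"total": 0}
    counts = Counter()
    for p in passwords:
        n = len(p)
        counts["len_1_7" if n <= 7 else "len_8_10" if n <= 10 else "len_over_10"] += 1
        counts["meets_policy_min"] += n >= policy_min
        counts["has_special"] += any(c in string.punctuation for c in p)
        counts["has_digit"] += any(c.isdigit() for c in p)
    result = {k: round(100 * counts[k] / total, 1) for k in KEYS}
    result["total"] = total
    return result

if __name__ == "__main__":
    for key, value in profile(SAMPLE_LOG).items():
        print(f"{key:18} {value}")
```

A low `meets_policy_min` figure on your own sensors means the guessing traffic you actually receive rarely reaches the length your policy requires.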

