The UK Just Banned Default Passwords

ukimalefu
Posts: 47151
Joined: Wed Jan 16, 2008 3:52 pm
Title: Screen toucher

Post by ukimalefu »

The new bill would require unique passwords for IoT devices and would prevent those passwords from being reset to universal factory default.

According to a 2020 report conducted by cybersecurity company Symantec, 55% of IoT passwords used in IoT attacks were “123456.” Another 3% of the attacked devices featured the password “admin.” IoT devices are notoriously insecure outside of passwords as well. A recent report from Palo Alto Networks found that 98% of all IoT device traffic was unencrypted.

https://gizmodo.com/the-uk-just-banned- ... 1848119862

DEyncourt
Posts: 18850
Joined: Sun Jan 20, 2008 2:38 am

Post by DEyncourt »

On this week's episode (#849, dated Nov. 23, 2021) of Security Now, Steve Gibson reported on how EFFECTIVE simple brute force password attacks can be.

NordPass--which makes a password manager--recently did their annual scan of Internet-connected machines and found that, among machines in 50 countries, 103 MILLION accounts were broken into with their passwords being "123456". Gibson listed the top ten passwords found and they are depressingly simple, totaling about 288 MILLION accounts:

  1. 123456 (103,170,552 hits) more than TWICE the #2 password
  2. 123456789 (46,027,530 hits)
  3. 12345 (32,955,431 hits)
  4. qwerty (22,317,280 hits)
  5. password (20,958,297 hits)
  6. 12345678 (14,745,771 hits)
  7. 111111 (13,354,149 hits)
  8. 123123 (10,244,398 hits)
  9. 1234567890 (9,646,621 hits)
  10. 1234567 (9,396,813 hits)

Gibson noted that his and co-host Leo Laporte's favorite of "monkey" had fallen out of the top ten.

kamizuno
Posts: 862
Joined: Sun Nov 14, 2010 5:39 am
Title: Anyone want a martini ?!?!....

Post by kamizuno »

Hmmm, so 0000000 is still ok then 😂

Metacell
Posts: 11609
Joined: Thu Nov 18, 2010 1:58 am
Title: Chocolate Brahma
Location: Lidsville

Post by Metacell »

"Oh human waste, that's the password on my luggage!"

Remember, people, to forgive is divine. In other words, it ain't human.
DEyncourt
Posts: 18850
Joined: Sun Jan 20, 2008 2:38 am

Post by DEyncourt »

Here is NordPass' list of the top 200 cracked passwords for this year. Since the web address does NOT note the year, I think that this link is good "forever" (though I THINK you must wait until about November for them to update it).

The list also shows the time to crack them via brute force attacks. The first one which took more than "< 1 second"--2 seconds--was #14, "aa12345678". It is used in just over 8 million cases.

The first one that took more than seconds was #54, "myspace1", which took 3 hours. It is used in 1.6 million cases.

#108, "12341234", is the first on the list to be under 1 million cases.

#200, "xxx", is used in 209 K cases but note that #199, "qq123456", is used in 558 K so there was a big drop in users between those passwords.

Gibson's and Laporte's favorite of "monkey" is now #41 with "only" 2.5 million users.

macnuke
Posts: 6328
Joined: Tue Oct 19, 2010 10:32 am
Title: PureBleed
Location: Here

Post by macnuke »

My password is “incorrect”
It is entered as
!n(0rr3(t

People that do not succeed in politics usually tell the truth too often.

Pariah
Posts: 23221
Joined: Fri Mar 07, 2008 5:45 pm
Title: Know Your Enemy

Post by Pariah »

This is interesting to a point but black hats don't so much use brute force anymore, instead using dictionary attacks which are much more productive and less resource intensive. At least that is my understanding of the current situation.

Not even duct tape will fix stupid, but it can muffle the sound.
DEyncourt
Posts: 18850
Joined: Sun Jan 20, 2008 2:38 am

Post by DEyncourt »

Sure, but the point from Gibson is that so many people use such trivially easy-to-crack passwords that even a dumb and simple brute force attack can crack many of them in under a second.
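The dictionary-attack point raised above, seen from the defending side, as an added example that is not part of any post in this thread: a screening check a signup form or device-onboarding flow could run before accepting a password. The denylist entries are the passwords quoted in this thread; the function names and the substitution table are constructed for illustration.

```python
# Added example: reject passwords that a rule-based dictionary attack
# would try first. Denylist entries are the ones quoted in this thread.
COMMON = {
    "123456", "123456789", "12345", "qwerty", "password", "12345678",
    "111111", "123123", "1234567890", "1234567", "admin", "monkey",
    "aa12345678", "myspace1", "12341234", "xxx", "qq123456", "incorrect",
}

# Constructed leetspeak table (an assumption, not taken from any tool).
LEET = str.maketrans({"!": "i", "1": "i", "(": "c", "0": "o", "3": "e",
                      "@": "a", "4": "a", "$": "s", "5": "s", "7": "t"})


def is_sequence(s):
    """True for strictly ascending or descending runs such as 4321."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def weakness(password):
    """Return a reason string if the password is trivially guessable, else None."""
    p = password.strip().lower()
    if not p:
        return "empty"
    if p in COMMON:
        return "common password"
    if len(set(p)) == 1:
        return "single repeated character"
    if is_sequence(p):
        return "character sequence"
    # Undo character substitutions before the lookup: swapping letters for
    # symbols does not move a password out of the dictionary.
    if p.translate(LEET) in COMMON:
        return "leetspeak variant of a common password"
    return None


if __name__ == "__main__":
    for candidate in ["123456", "0000000", "!n(0rr3(t", "P@ssw0rd", "4321"]:
        print(f"{candidate!r}: {weakness(candidate)}")
```

A passing result only means the password is not on this short list; a production check would load a much larger breached-password corpus.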

kamizuno
Posts: 862
Joined: Sun Nov 14, 2010 5:39 am
Title: Anyone want a martini ?!?!....

Post by kamizuno »

In regards to my joke about something being all zeros, here's a link to an article about how the launch code for firing off nuclear missiles from missile silos actually was all zeros......

https://www.huffpost.com/entry/nuclear- ... _n_4386784

By the way, so long as I'm talking about nukes during the cold war era, while everybody is familiar with the Strangelove comedy movie, another good movie was "Failsafe", in which Henry Fonda is president of the USA and he has to deliberately nuke NYC to avoid WWIII from happening....

Mustapha Mond
Posts: 4667
Joined: Sat Mar 15, 2008 10:20 am
Title: Daring to be stupid
Location: VA

Post by Mustapha Mond »

Metacell wrote: Sat Nov 27, 2021 8:09 am

"Oh human waste, that's the password on my luggage!"

:lol:
