Hackers don’t bother brute-forcing long passwords
Time for longer sentences
According to data collected by Microsoft’s network of honeypot servers, most brute-force attackers primarily attempt to guess short passwords.
It seems that hackers can’t be bothered with targeting credentials that are long or contain complex characters. It has been known for ages that mixing numbers and letters together makes it difficult for hackers, and most “secure” password systems don’t let you get away with “letters only” passwords. So a password like “thehillsarealivewiththesoundofmusic” would be ignored by a hacker as too hard, yet most security systems would consider it less secure than “pArsew0rd”.
The report, penned by Ross Bevington, a security researcher at Microsoft, said that in a million brute-force attacks against SSH, covering 30 days of data from Microsoft’s sensor network, 77 per cent of attempts used a password between one and seven characters. A password over ten characters was only seen in six per cent of cases, said Bevington.
Bevington has the relatively cool title of Head of Deception at Microsoft, which sounds like it should have a pretty broad remit. However, amongst his many deceptive roles is creating legitimate-looking honeypot systems to study attacker trends.
via Fudzilla.com – Home https://ift.tt/3ca2R5J
November 23, 2021 at 03:32AM