| Thread Tools |
24th November 2021, 13:59 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 153,575
| Hackers don't bother brute-forcing long passwords Time for longer sentences According to data collected by Microsoft's network of honeypot servers, most brute-force attackers primarily attempt to guess short passwords. It seems that hackers can’t be bothered with targeting credentials that are long or contain complex characters. While it has been known for ages that mixing numbers and letters together makes it difficult for hackers, most “secure” password systems don’t let you get away with “letters only” passwords. So a password like “thehillsarealivewiththesoundofmusic” would be ignored by a hacker as too hard but would be considered less secure than “pArsew0rd” by most security systems. The report penned by Ross Bevington, a security researcher at Microsoft said that after looking at a million brute force attacks against SSH made up of 30 days of data in Microsoft's sensor network 77 percent of attempts used a password between one and seven characters. A password over ten characters was only seen in six percent of cases", said Bevington. Bevington has the relatively cool tile of being Head of Deception at Microsoft which sounds like it should have a pretty broad remit. However, amongst his many deceptive roles are creating legitimate-looking honeypot systems to study attacker trends. https://fudzilla.com/news/53922-hack...long-passwords |
Thread Tools | |
| |