Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Complex Password. Show all posts
Password Security
Common Password Complex Password Cyber Security cybercriminals data security education sector Educational Institutes Password Password Security

Weak Passwords Still Common in Education Sector, Says NordVPN Report

 

A new study by NordVPN has revealed a serious cybersecurity issue plaguing the education sector: widespread reliance on weak and easily guessable passwords. Universities, schools, and training centres continue to be highly vulnerable due to the reuse of simple passwords that offer minimal protection.  

According to NordVPN’s research, the most frequently used password across educational institutions is the infamous ‘123456’, with over 1.2 million instances recorded. This is closely followed by other equally insecure combinations like ‘123456789’ and ‘12345678’. Shockingly, commonly used words such as ‘password’ and ‘secret’ also rank in the top five, making them among the least secure options in existence. 

Karolis Arbaciauskas, head of business product at NordPass, emphasized that educational institutions often store a wealth of sensitive data, including student records and staff communications. Yet many are still using default or recycled passwords that would fail even the most basic security check. He warned that such practices make schools prime targets for cybercriminals. 

The consequences of this weak security posture are already visible. One of the most notable examples is the Power Schools breach, where personal information, including names, birthdates, and contact details of nearly 62 million students and educators, was compromised. These incidents highlight how vulnerable educational data can be when simple security measures are neglected.  

Cybercriminals are increasingly targeting schools not just for monetary gain but also to steal children’s identities. With access to personal information, they can commit fraud such as applying for loans or credit cards in the names of underage victims who are unlikely to detect such activity due to their lack of a credit history. 

To mitigate these risks, NordVPN recommends adopting stronger password practices. A secure password should be at least 12 characters long, combining uppercase and lowercase letters, numbers, and special symbols. One example is using a memorable phrase with substitutions, like turning a TV show quote into ‘Streets;Ahead6S&AM!’. Alternatively, using a trusted password manager or generator can help enforce robust security across accounts. 

As digital threats evolve, it’s critical that educational institutions update their cybersecurity hygiene, starting with stronger passwords. This simple step can help protect not only sensitive data but also the long-term digital identities of students and staff.
Read more »
User Security
Complex Password Cyber Security Password Entropy Password Security User Security

Complicated Passwords Make Users Less Secure, Security Experts Claim

 

Using a variety of character types in your passwords and changing them on a regular basis are no longer considered best practices for password management.

This is according to new standards published by the United States National Institute of Standards and Technology, which develops and publishes guidelines to assist organisations in safeguarding their information systems.

The new guidelines were published in September 2024 as part of NIST's second public draft of SP 800-63-4, the most recent iteration of its Digital Identity guidelines. 

Change in password recommendations

Over the years, conventional wisdom recommended having complex passwords that included upper and lower case characters, numbers, and symbols. This complexity was intended to make passwords difficult to guess or crack using brute force assaults. 

However, these complex requirements frequently resulted in users developing bad habits, such as repeating passwords or selecting too basic ones that barely fit the rules, such as "P@ssw0rd123." Over time, NIST discovered that this emphasis on complexity was counterproductive, compromising security in practice. 

In its most recent guidelines, NIST has shifted away from enforcing complexity limits and towards encouraging longer passwords. There are a number of causes for this shift: 

Customer behaviour 

According to research, users frequently fail to remember complicated passwords, prompting them to reuse passwords across several sites or rely on easily guessable patterns, such as substituting letters with similar-looking numbers or symbols. The necessity by many organisations to change your password every sixty to ninety days—a practice that NIST no longer advises—further encouraged this behaviour. 

Password entropy 

Password strength is frequently tested using entropy, a measure of unpredictability. In other words, the total number of possible password combinations. The greater the number of potential options, or entropy, the more difficult it is for cybercriminals to crack the password using brute-force or guessing techniques. 

While complexity can contribute to entropy, length has a far greater impact. A lengthier password with more characters offers an exponentially greater number of possible combinations, making it more difficult for attackers to guess, even if the characters are simple. 

Human element

Long passwords that are easy to remember, such as passphrases composed of multiple basic words. For example, "big dog small rat fast cat purple hat jelly bat" in password form is "bigdogsmallratfastcatpurplehatjellobat" without the spaces, which is both secure and user-friendly. 

A password like this provides a balance between high entropy and convenience of use, preventing users from engaging in risky behaviours such as writing down passwords or reusing them.
Read more »
Subscribe to: Posts (Atom)