
Weak passwords allow hackers in

26 May 2014, 13:59 Duncan Alfreds

Cape Town - Weak passwords are one of the primary reasons hackers are able to compromise passwords, says a security expert.

"People don't want to remember more than one password. It boils down to human nature - as long as you meet company policy, then you're okay," Andrew Kirkland, Trustwave regional director for Africa, told News24.

The 2014 Trustwave Global Security Report found that weak passwords contributed to 31% of intrusions the company investigated in 2013.

The most commonly used password was "123456", followed by "123456789", "1234" and "password".

"It is a very big problem, and I'll tell you why: People are lazy. So if your company policy says to you that you've got to use a minimum of eight characters… users themselves, because they work for the company, they don't really care," said Kirkland.

Poor security habits

As news emerges from the US accusing Chinese officials of conducting a wide-ranging hacking campaign, it emerged that the alleged hackers used mundane deceptions to trick company officials into opening the "cyber door" to intruders.

According to the US Justice Department, employees opened a number of attachments which installed malware onto internal networks.

Kirkland said that new computer users were unfamiliar with the dangers associated with being on the internet.

"I think that the general user out there who's being introduced to a computer, who's being introduced to social networking - they don't really understand the issues that it comes with."

Weak passwords allow hackers to easily compromise computers and steal personal information. (Duncan Alfreds, News24)

Kirkland said that poor security habits at work would evolve into similar private habits, especially as more people used websites and platforms which required password access.

"For me the most scary part of that is that '123456' becomes the password not only in your corporate environment, but it becomes our password in multiple sites. These people tend to want to only remember one password and use that password across their entire personal landscape, including their corporate environment."

US online giant eBay reported that up to 145 million users were potentially affected by a hacking breach that compromised user names, passwords and other personal data, though the company insisted that credit card numbers were not affected.

Spear Phishing

Trustwave said that computer users sometimes wrote passwords down or stored them in an unencrypted form.

"The first thing that stands out for me is education. Every company should take the responsibility to educate their employees about security - not only about meeting company policy - but about security in general so they have a habit: They apply the same principle when they go home," said Kirkland.

He added that companies tested their systems as the report found that 71% of breached firms do not detect the break-in themselves.

Spam is the primary method of delivering malware. (Duncan Alfreds, News24)

Trustwave also said that at least a quarter of internet users had identical usernames and passwords for multiple sites. Potentially, this makes it easy for cyber criminals, especially when they are targeting specific individuals in what is known as spear phishing.

Attackers using this method will tailor their deception so that the victim believes the communication to be genuine.

At least 59% of spam contained a malicious attachment and 41% contained links that were designed to compromise a computer.

Some of the most common subject lines include: "Some Important Information is missing"; "Bank Statement. Please read"; "Important - Payment Overdue", Trustwave said in its report.

"Until we as a worldwide community understand what this means, I think it's going to be very difficult to try and get rid of this problem," said Kirkland.


- News24

