Hyderabad: Despite advances in technology, big tech companies like Amazon, Reddit, Netflix and Wikipedia still allow basic words like 'password', a surname, a date of birth or a username with a number to be used as passwords. Companies often blame users for bad passwords, which leave them vulnerable and open to cyber victimisation such as password spray attacks and brute force attacks. These are the two most common methods used to gain unauthorized access to an account.
In a brute force attack, hackers choose a vulnerable user id and enter passwords one after another, hoping that one of them will let them in. In a password spray attack, one password is applied to multiple user ids so that at least one of the user ids is compromised. In both cases they start off with passwords that are easy to crack.
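The two patterns leave different traces in failed-login records, as this added example shows (it is not part of the original article). The event format, thresholds, function name and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Thresholds are assumptions for this example; tune them to real traffic.
BRUTE_MIN_FAILS = 5      # failures against one user id from one source
SPRAY_MIN_USERS = 4      # distinct user ids touched by one source
SPRAY_MAX_PER_USER = 2   # a spray tries only a few passwords per user id


def classify_sources(events):
    """Label each source 'brute_force', 'password_spray' or 'normal'.

    events: iterable of (source, user_id) pairs, one per failed login.
    """
    per_source = defaultdict(Counter)
    for source, user_id in events:
        per_source[source][user_id] += 1

    labels = {}
    for source, fails in per_source.items():
        worst = max(fails.values())
        if worst >= BRUTE_MIN_FAILS:
            # Many passwords tried against a single user id.
            labels[source] = "brute_force"
        elif len(fails) >= SPRAY_MIN_USERS and worst <= SPRAY_MAX_PER_USER:
            # Few attempts each, spread across many user ids.
            labels[source] = "password_spray"
        else:
            # For example, a user mistyping their own password.
            labels[source] = "normal"
    return labels


# Constructed sample events (documentation IP ranges, made-up user ids).
SAMPLE = (
    [("203.0.113.5", "asha")] * 8
    + [("198.51.100.7", u) for u in ("asha", "ravi", "meena", "john", "li")]
    + [("192.0.2.10", "ravi")] * 2
)

if __name__ == "__main__":
    for source, label in sorted(classify_sources(SAMPLE).items()):
        print(source, label)
```

Per-account lockout counters catch the first pattern but not the second, which is why the spray check counts distinct user ids per source rather than failures per user id.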
In fact, a research project by Steven Furnell of the University of Plymouth, which kept tabs on top sites and their password habits for 11 years, states that it was somewhat disappointing to find that the overall story in 2018 remains largely similar to that of 2007. Experts say that website developers at internet giants often face the paradox of balancing security against usability.
Mr Venkat Krishnapur, managing director, McAfee, said, “Mandating a complex password definitely makes the platform enormously secure, but this may not be the most compatible approach for non-tech savvy users or the senior generation. Hence, the website stands a chance to lose out on multiple customer segments. On the contrary, dumbing down password requirements exposes naive users to security risks which tarnishes the website’s image,” he said.