Number Usage in Passwords: Take Two, (Thu, Apr 9th)
Summary
This article revisits the use of numbers in passwords, building on previous research into honeypot data. It focuses on how years and dates are represented in passwords and how this usage has evolved. The author notes that such temporal patterns are common, particularly when password change policies mandate frequent updates.
IFF Assessment
The article highlights common password practices that leave passwords vulnerable to brute-force or dictionary attacks, which is bad news for defenders.
Defender Context
Defenders should be aware that users often incorporate easily guessable elements like years and dates into their passwords, especially when forced to change them frequently. This practice significantly weakens password security and can be exploited by attackers. Encouraging stronger password policies and promoting the use of passphrases or password managers are crucial for mitigating this risk.
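One way to act on this at password-change time is to flag year and date tokens before a new password is accepted. The sketch below is an added example, not code from the article; the year window, the word list and the function names are assumptions.

```python
import calendar
import re
from datetime import datetime

# Assumed window of plausible years; tune to your user population.
YEAR_MIN, YEAR_MAX = 1950, 2039
SEASONS = ["spring", "summer", "autumn", "fall", "winter"]
MONTHS = [n.lower() for n in calendar.month_name[1:] + calendar.month_abbr[1:]]
WORD_YEAR = re.compile(
    r"(?<![a-z])(?:%s)[\W_]?(?:\d{4}|\d{2})(?!\d)"
    % "|".join(sorted(SEASONS + MONTHS, key=len, reverse=True))
)
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y")


def _is_date(digits):
    """True if the digit run parses as a calendar date in a known layout."""
    for fmt in DATE_FORMATS:
        try:
            parsed = datetime.strptime(digits, fmt)
        except ValueError:
            continue
        if YEAR_MIN <= parsed.year <= YEAR_MAX:
            return True
    return False


def temporal_findings(password):
    """Return (kind, text) pairs for year- or date-like tokens."""
    findings = [("word+year", m.group(0))
                for m in WORD_YEAR.finditer(password.lower())]
    for m in re.finditer(r"\d+", password):
        run = m.group(0)
        if len(run) in (6, 8) and _is_date(run):
            findings.append(("date", run))
        elif len(run) == 4 and YEAR_MIN <= int(run) <= YEAR_MAX:
            findings.append(("year", run))
    return findings


def is_rotation_variant(old, new):
    """True if the new password only changes the digits of the old one."""
    def skeleton(pw):
        return re.sub(r"\d+", "#", pw.lower())
    return old != new and skeleton(old) == skeleton(new)
```

`is_rotation_variant` needs the old password in plaintext, which is only available in the change flow where the user submits both values.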