Anthony Collette :donor: / Loistava · @AnthonyCollette
922 followers · 524 posts · Server infosec.exchange
“DIGITAL GARLIC” SCARES AWAY HACKERS
Time Management for Hackers
Attackers don’t bother brute-forcing passwords that are long or passwords that contain special characters.
Every one of us — hackers included — only have 24 hours in every day. So how do criminal hackers make the best use of their time when brute-forcing passwords?
Microsoft researcher Ross Bevington analyzed the usernames and passwords hackers entered from over 25 million brute-force attacks.
Here's the breakdown of 30 days' worth of attacks against passwords:
➡️ 6% attacked passwords over 10 characters in length.
➡️ 7% attacked passwords which included special characters.
➡️ 39% attacked passwords with numbers in them.
➡️ 0% attacked passwords with spaces.
Hackers definitely *stayed away* from passwords which were longer (94% of the time), and they *didn't bother* spending much time cracking passwords which contained special characters (only 7% of the time).
Probably because of the common use of numbers at the end of passwords, hackers definitely honed in on digits.
But hackers *didn't even attempt* brute-forcing passwords with spaces, most likely because including spaces in passwords is still fairly uncommon.
From the article written by Catalin Cimpanu:
"The researchers' findings suggest that longer passwords that include special characters are most likely safe from the vast majority of brute-force attacks, as long as they haven't been leaked online and are part of attackers' brute-forcing dictionaries."
Should we include special characters (including spaces) in our passwords?
Here we have high-quality evidence collected by Microsoft at scale. It shows decisively that password length and the inclusion of special characters act like digital garlic, keeping the vampires and werewolves at bay — keeping the bad guys away from our online accounts.
How do ordinary consumers get this “digital garlic” in an easy way? They use a Password Manager.
https://therecord.media/attackers-dont-bother-brute-forcing-long-passwords-microsoft-engineer-says/
#Passwords
#PasswordManagers
#ComplexPasswords
#SpecialCharactersInPasswords
#TimeManagementForHackers
#DigitalGarlic
#Microsoft
#passwords #passwordmanagers #complexpasswords #specialcharactersinpasswords #timemanagementforhackers #digitalgarlic #microsoft
Anthony Collette :donor: / Loistava · @AnthonyCollette
492 followers · 65 posts · Server infosec.exchange
“DIGITAL GARLIC” SCARES AWAY HACKERS
Time Management for Hackers
Attackers don’t bother brute-forcing passwords that are long or passwords that contain special characters.
Every one of us — hackers included — only have 24 hours in every day. So how do criminal hackers make the best use of their time when brute-forcing passwords?
Microsoft researcher Ross Bevington analyzed the usernames and passwords hackers entered from over 25 million brute-force attacks.
Here's the breakdown of 30 days' worth of attacks against passwords:
➡️ 6% attacked passwords over 10 characters in length.
➡️ 7% attacked passwords which included special characters.
➡️ 39% attacked passwords with numbers in them.
➡️ 0% attacked passwords with spaces.
Hackers definitely *stayed away* from passwords which were longer (94% of the time), and they *didn't bother* spending much time cracking passwords which contained special characters (only 7% of the time).
Probably because of the common use of numbers at the end of passwords, hackers definitely honed in on digits.
But hackers *didn't even attempt* brute-forcing passwords with spaces, most likely because including spaces in passwords is still fairly uncommon.
From the article written by Catalin Cimpanu:
"The researchers' findings suggest that longer passwords that include special characters are most likely safe from the vast majority of brute-force attacks, as long as they haven't been leaked online and are part of attackers' brute-forcing dictionaries."
Should we include special characters (including spaces) in our passwords?
Here we have high-quality evidence collected by Microsoft at scale. It shows decisively that password length and the inclusion of special characters act like digital garlic, keeping the vampires and werewolves at bay — keeping the bad guys away from our online accounts.
How do ordinary consumers get this “digital garlic” in an easy way? They use a Password Manager.
https://therecord.media/attackers-dont-bother-brute-forcing-long-passwords-microsoft-engineer-says/
#Passwords
#PasswordManagers
#ComplexPasswords
#SpecialCharactersInPasswords
#TimeManagementForHackers
#Microsoft
:boost_ok: Feel free to share (boost) this post with all those who follow you by clicking the cycled-arrow icon below.
:mastodon: Here on Mastodon, boosting doesn’t elevate a post through any algorithmic shenanigans. Everyone who follows you gets to see the post (“toot”) without the platform interfering.
#passwords #passwordmanagers #complexpasswords #specialcharactersinpasswords #timemanagementforhackers #microsoft