With all of the leaked passwords that have been made available recently (passwords from services such as Yahoo and LinkedIn), cyber-criminals have access to vast data sets of passwords that make it easier to crack passwords in general.

Security researchers in the UK and China published a paper last month detailing a system for targeted password guessing that is highly effective and claiming that the threat is “significantly underestimated”.

Targeted password guessing turns out to be significantly easier than it should be, thanks to the online availability of personal information, leaked passwords associated with other accounts, and our tendency to incorporate personal data into our security codes.

Using a targeted password-guessing framework named TarGuess, the researchers achieved success rates as high as 73 per cent with just 100 guesses against typical users, and as high as 32 per cent against security-savvy users. (source, emphasis mine)

As has been noted previously here and here, passwords alone are not enough to protect sensitive networks and data.  This new study simply underscores this fact.

By implementing a robust two-factor authentication solution, such as GreenRADIUS, organizations can add a strong security layer that virtually eliminates password vulnerabilities.  GreenRADIUS is easy to deploy and simple to maintain.  Contact us to learn more.