Even passwords considered “strong” by IT departments are now often vulnerable to hacking, according to professional services firm Deloitte. In Deloitte’s Technology, Media and Telecommunications Predictions 2013, the firm predicts that 90% of user-generated passwords will be vulnerable to hacking this year.
Deloitte says that the weakness inherent in current password systems could result in billions of dollars of losses, and damage to the reputation of companies compromised in attacks.
“This is due to factors such as password re-use, advances in hardware and software used to crack passwords, and non-random distribution of characters,” says Deloitte in its report. “As the value of the information protected by passwords continues to grow, attracting more hack attempts, high-value sites will likely require additional forms of authentication.”
Deloitte’s report says that advances in computer technology have made eight-character passwords easier to crack by “brute force” methods – and points to the use of “crowd hacking” as another threat.
But the main problem is users themselves, according to the report. Habits such as choosing simpler passwords for entry on mobile devices have meant that many passwords remain insecure.