Imperva reports on how hackers crack passwords

Imperva are launching a report on how hackers crack passwords, the report is a sequel to their 2009 password report, Consumer Password Worst Practices, which analysed 32 million passwords and highlighted the most popular passwords used. For a preview of the new report, please do let me know.

The reports details:

How hackers bypass security controls to protect passwords.

Popular, key online resources hackers employ including one website containing 50 billion possible password permutations.

Key steps IT teams within enterprises must do in order to mitigate password breaches. Imperva's recommendations include:

- Using passphrases: Allow users to choose longer passwords which are easier to remember. Passphrases provide the necessary length yet do not require the user to write down the secret on a note left on the worker's desk.
- Enforce strong password policy. This doesn't mean just applying restriction on the character types but also by comparing against dictionaries used by attackers. In fact, Hotmail recently banned the usage of common passwords. This also means defining and banning site-specific passwords, as well as banning numerical or keyboard sequences.
- Use of a special form of encryption known has "salted digests." A salted value should increase the cost of guessing the password so that financially-motivated hackers will not make such an investment.