After analyzing 275,699,516 passwords leaked during 2020 data breaches, NordPass and partners found that the most common passwords are incredibly easy to guess — and it could take less than a second or two for attackers to break into accounts using these credentials. Only 44% of those recorded were considered “unique.”
The password manager solutions provider published its annual report on the state of password security, finding that the most popular options were “123456,” “123456789,” “picture1,” “password,” and “12345678.”
With the exception of “picture1,” which would take approximately three hours to crack using a brute-force attack, each password would take seconds to break using either dictionary scripts — which compile common phrases and numerical combinations to try — or simple human guesswork.
Here are the top 10 worst passwords for 2020, according to the NordPass analysis:
Cloud Computing can be an intimidating subject area simply due to the sheer number of articles, blogs, conferences, and information on the matter. My goal in this post is to split the discussion based on the perspective of the writer.
While researching this post on “Cloudsplitting”, I became formally acquainted with the concept of an unreliable narrator:
“a narrator, whether in literature, film, or theatre, whose credibility has been seriously compromised.”
The nature of the narrator may be immediately clear or it may be revealed later in the story. Sometimes it is revealed at the very end, at which point you find out your narrator has been totally unreliable! This makes yo story… which you should…. the guy was unreliable.
I think it’s a great concept! The first example that jumps to mind would be Kevin Spacey’s character in The Usual Suspects (Warning: Swears… Gonzalez sized swears).
I stumbled on the concept, the actual term, thanks to Cloudsplitter, the book. It’s a fictional retelling of Harper’s Ferry from the FICTIONALIZED point of view of John Brown’s son.
The author, Russell Banks, creates new context around the real events through his imagining of what Owen Brown’s views might have been. In this case, John Brown comes off as a lot less crazy than he may have come off otherwise.
(It’s also a hill in upstate NY near Banks’s home – ‘Tahawus’ is the native Algonquin name for Mt. Marcy – the highest peak in the Adirondacks. It translates to ‘Cloudsplitter.’)
Emotional attachment and years of hermit-like isolation warp the perspective of our fictional version of Owen Brown. Unreliable. Quite frankly, I’ve seen the same in business.
I don’t want to fall for the same mistake.
We’re not hermits holed up in a cabin somewhere living on bottled water and beef jerky.
That’s one of the biggest differences between the introduction of Cloud technology and the introduction of previous computing technology. This time around information abounds, whereas in the past, information about new technology was carried through very limited channels. And even then, it may have traveled indirect routes.
With our proliferation of information, it’s more important than ever to consider the source of the information. After all, the greatest trick the narrator ever pulled was convincing the world he didn’t exist…. or something.
Be it me and my Cloud Computing story or the guy at your office who waves his arms and decries this “parlour trick” technology.
Where is your information coming from?
I’ll point you to a few resources in a minute that, hopefully, will pass the narrator reliability test. First, if I may, I want to take the opportunity to split Cloud Computing into two separate camps.
In one camp, we’ll have Techie Cloud. In the other, we’ll have Business Cloud.
Techie Cloud:
This is the stuff relating to the functioning of a cloud environment. What’s the architecture? Where’s the data? How do I manage it?
It’s the kind of stuff your Systems Administrators and DBAs and IT Managers would want to know. For instance, I want to play around with Amazon Web Services to create a new computing environment. Do I need any special tools to work there?
Yes, there’s a front-end tool called Rightscale that makes creating a computing environment easy.
While interesting from an academic perspective, your average business user will probably get limited value from seeking out tonnes of information about Techie Cloud. Recognize it when you see it.
Business Cloud:
This is the stuff relating to using cloud-based software. The business user who is looking for a “consumerized” web experience. What does it do? Is it easy to learn? What’s the cost? How do I sign up?
It’s the kind of stuff the accountants, marketers, and salespeople would want to know. For instance, I want to find a way to manage my team’s projects. Can I get going with something quickly?
And Business Cloud is separate from the business of cloud which we’ll get into later.
The reason I am going around Cloudsplitting is because the content I’ve been finding lately doesn’t discriminate with respect to audience. You are as likely to jump into an article that’s geared toward IT as you are to find an article for a Business User’s perspective.
Forward the Techie Cloud articles on to your IT departments. There’s a view out there that Cloud is going to make IT departments obsolete. I disagree. I think Cloud will free up IT from the mundane custodial services of server maintenance to become a more strategic partner with management. I’ve written before about accountants being the dishwashers of business. We’re the dishwashers and IT are the custodians (or janitors if you want to be unkind about it).
And remember:
Evaluate the reliability of the source. Evaluate for audience.
Geoff Devereux works in a marketing/social media role with Indicee, a SaaS Business Intelligence company, bringing B.I. to mere mortals. You can see more of his posts for GC here. H/t to Jesse from Cloudsplitter Mountain Guides for the translation and Greg_Smith for the pic.
Confession: not 100% sure on the hype surrounding SaaS, cloud computing, living in the cloud and whatever but apparently it’s the next big thing (if it’s not already) and might make our lives just one notch short of Jetsons flying car awesome.
Ask guys like Geoff, he’ll tell you all about it. I buy it and I don’t even need to use it, have heard amazing things, and have even evangelized it once or twice.
But it’s your data so instead of jumping on the SaaS/Cloud bandwagon without asking what happens to it once you do, it might be wise to check out the SAS 70 certification and the strange relationship that legitimizes it.
Complying with the AICPA lends a certain bit of credibility to vendors who want to show how tight their control systems are so auditors can rely on them, right?
Perhaps not, says Jay Heiser via Gartner in “Analyzing the Risk Dimensions of Cloud and SaaS Computing,” who is concerned by a sense of deja vu between the faulty systems that collapsed throughout the financial crisis and cloud computing. In an extremely risk-averse environment, a bit of caution is due before jumping head first into the unknown.
Or you can just trust the shiny marketing materials and forget that it’s your data.
Now back to cloud computing and SAS 70. Okay, let me get this straight: So the cloud companies pay accounting firms for SAS 70 certifications just as the financial organizations paid Moody’s for an investment-grade rating?
“Yes, if you see someone who claims to be SAS 70, they have paid an accounting firm. Not only have they paid an accounting firm to go do the test, but they’ve told the accounting firm what processes need to be tested,” Heiser says.
And that’s different from an audit client paying an auditor how?
In a financial crisis corollary, Big 4 opinions are fetching less these days than they used to. Cloud computing marketers don’t really get what they are pushing but cloud provider clients certainly should understand what this means for the shift to life in the cloud.
If you’re still using passwords in the 21st century, you’re dumb and lazy