Is having a complex password enough?
Gibson Research Corporation has an interesting web page where they ask, "How Big is your Haystack, and how well hidden is YOUR needle?"
Websites such as the one above help you determine how long it would take to crack your password. A complex password such as @n!mnd@mP may look like it will take millions of years to crack, but that doesn’t matter much if the password is part of a cracked list. There was a site called leakedsource.com that offered hacked databases in cleartext; fortunately, it was shut down by the FBI.
There is another website called siph0n.in that also offers cracked passwords from breached websites. Think of a complex password you have chosen that is nearly impossible to crack in your lifetime: if the website where you used it stored passwords with weak encryption or in cleartext, your password is now out for the world to use or misuse.
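The point above as an added example (not code from the original post): a password check that tests leaked-list membership before search-space size, so a complex but exposed password is still rejected. The character-class sizes, the `min_bits` threshold and the leaked list are assumptions constructed for this illustration.

```python
import hashlib
import math
import string

# Character classes and their sizes are an assumption of this example
# (printable ASCII: 26 + 26 + 10 + 33).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Constructed leaked list, held as SHA-1 digests so the checker never stores
# cleartext. The page's sample password is included purely for illustration.
LEAKED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest()
               for p in ("123456", "password", "letmein", "@n!mnd@mP")}


def haystack_size(password):
    """Candidates a brute force must cover: every string of length
    1..len(password) over the character classes the password uses."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return sum(alphabet ** k for k in range(1, len(password) + 1))


def assess(password, leaked=LEAKED_SHA1, min_bits=50):
    """Reject on leaked-list membership first, then on search-space size.
    min_bits is a hypothetical policy threshold."""
    size = haystack_size(password)
    bits = math.log2(size) if size else 0.0  # size is 0 for empty/unclassified input
    is_leaked = hashlib.sha1(password.encode("utf-8")).hexdigest() in leaked
    if is_leaked:
        verdict = "reject: in leaked list"
    elif bits < min_bits:
        verdict = "reject: search space too small"
    else:
        verdict = "accept"
    return {"size": size, "bits": round(bits, 1),
            "leaked": is_leaked, "verdict": verdict}


if __name__ == "__main__":
    for pw in ("@n!mnd@mP", "abc", "c0rrect-Horse-battery"):
        print(pw, assess(pw))
```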
Here’s a snapshot of what one of our clients gets brute-forced with over a period of 5 mins:
Does your password come close to any of these?
If yes, your password is already most likely compromised.
If no, then you are among a rare breed!
To protect yourself, we highly recommend using two-factor authentication. Our favorite is Google Authenticator, available on both Android and iOS.
If you are worried about your business, get in touch with us for our Threat Intelligence Platform, which can protect your company proactively. Why wait for the bad guys to get in? Let the Mighty Mjolnir protect you.