Targeted online guessing represents a major threat to online security, according to new research.
The paper found that this tactic exploits a common security shortfall among users: reusing the same password, often one containing personal information, across multiple accounts.
The authors of the study, a collaboration between Lancaster University’s School of Computing and Communications and Fujian Normal University’s School of Mathematics and Computer Science, stated that this approach is an “underestimated threat”.
“We have demonstrated that a large number of passwords can be guessed if personal information is known to the attacker,” noted Ding Wang, lead student author of the study. “Especially if they know passwords from other accounts owned by the potential victim.”
Professor Ping Wang, the corresponding author of the paper, added that targeted online guessing is a “serious security concern”.
This is especially true for two reasons, he went on to explain. One, there are large amounts of personally identifiable information easily accessible to cybercriminals.
Two, cybercriminals are also able to get their hands on millions of leaked passwords, courtesy of data breaches past and present.
“Our results should encourage people to vary the passwords they use on different websites much more substantially to make it harder for criminals to guess their passwords,” said Dr Jeff Yan, co-author of the paper.
“This work should also help inform internet service providers looking to introduce more robust security measures to detect and resist online guessing.”
One highly recommended approach is the use of passphrases. Unlike passwords, these tend to be more complex and longer, yet just as memorable.
by Narinder Purba, ESET We Live Security