My wife sent me a link this morning that made me do a little double take. Courtesy of BBC News, reporting on an investigation by Which? Magazine: http://www.bbc.co.uk/news/uk-40371373
The Virgin Media Super Hub 2 used passwords that were just eight characters long, and used only lower-case letters.
Interesting that they don't mention the missing characters as well, leading to a 24-character set instead of a 26-character set. Shaves off a few minutes...
This is basically the exact same issue with the exact same ISP that I wrote about back in February. Obviously this affects other companies as well, and the BBC report reflects that.
Honestly, we're so used to setting passwords on devices that we buy (well, usually...) and on accounts that we create online that I find it weird that the default position of ISPs during installation isn't to force a password change. And certainly those keys should be using mixed case and a longer length (10 is still pretty usable and memorable, I reckon).
Thing is, this problem is getting worse all the time. Graphics cards are still the primary way of testing password hashes (remember, you aren't cracking, you're comparing - they're one-way mathematical functions, and graphics cards are ace-as-tits at maths) and they're improving all the time.
For the love of all that is holy, please use longer passwords and keys.
When you change it to your own, it is a maximum of 15 characters and letters and numbers only...