Friday, 24 December 2021

Really, Microsoft?!! Are you *still* allowing "password" to be used as a password at the end of 2021...?! Don't underestimate the importance of complex passwords

Complex passwords are really important.  "Brute force" hacking attempts are very common on all web systems - hackers literally throw 1000s of combinations of well-known user names and passwords at web systems to see if they can find a way in.  It might surprise you to learn that most publicly-facing web systems are subjected to this sort of attack every few days.

Almost all pieces of software now insist on long, complex passwords.  If passwords are long enough (8 characters, say) and contain numbers, lower case characters, upper case letters and some punctuation, hackers simply can't guess or be lucky and find a matching combination.

It's for this reason that we were surprised that Microsoft Excel - the most popular spreadsheet software in the world - still allows "password" to be used as a password when encrypting a file!  We found this out when testing encryption methods when preparing a webinar for our Alpha Legal users.  In 2021 this is simply unacceptably sloppy on their part - it's encouraging users to use guessable passwords when potentially storing sensitive data and this should not be possible.

Here's a demonstration showing that Excel still allows "password" to be used as the "secure password" for an encrypted file:

This screen recording shows me typing "password" into the password box - really!

Alpha Legal has been designed from the ground up to help you to secure your business, your clients' data and your reputation.  Take cyber-security seriously and protect your business with Alpha Legal - easy, safe & secure.

No comments:

Post a Comment