Data Breach Prevention / PCI Compliance Tip of the Week

Jorge Flores

Happy Friday everyone! It's been another week in the trenches talking to merchants and corporations about PCI compliance and data breach prevention. I'm doing a weekly blog summarizing some key observations. My objective with this blog is to bolster knowledge, dispel myths, and spread valuable information on various topics within the PCI compliance realm.

Data Breach Prevention/PCI compliance Tip of the Week: Change your default passwords!

A stifling amount of large data breaches involving sensitive information center around a common and highly preventable mistake; not changing default passwords! This is one of the top methods of attack that hackers use to penetrate a network.  In fact, password breach is consistently near the top of the list of data breach root causes. Let’s take a look at the top 5 most common default passwords:

1. Password
2. changeme
3. welcome
4. password1
5. abc123
    

Not changing default passwords is akin to leaving the key in your front door at night.  Hackers can easily cycle through common passwords. Once they crack a password on one system; they immediately try the same password on other systems.  All too often, they'll find success with each subsequent breach attempt.

Password Tips:

Many of the people I spoke to this week did not have a policy that addressed password changes or complexity.  A surprisingly large amount of people fail to realize that a strong password policy can significantly reduce the risk of a data breach.  Now that you have this week’s data breach prevention tip, let us go over some strong password selection criteria.

• Do NOT use a variation of your name
• Do NOT use a variation of your company’s name or product
• Do NOT use the name of a local entity (i.e. local icons, sports teams, etc.)
• Do NOT use the same password that you use for multiple accounts (i.e. FB, Twitter, online banking, etc.)
   

REMEMBER that length and variation are both essential in formulating a “data breach immune” password. A password with three characters has 857,000 possibilities while a password with seven characters has over 69 trillion. Adding just a couple more characters to your password leads to an exponential increase in password security.

Stay tuned next week for another Data Breach Prevention/PCI Compliance Tip!