• United States



Every 39 seconds?

Feb 09, 20071 min
Data and Information Security

In the time it takes you to read this entry, a hacker tried to gain access to your computer.  That is the result of a fascinating new study by Michel Cukier at the University of Maryland. 

In the study, which was directed at assessing the security risks presented by weak passwords, researchers left four Linux computers online continuously for nearly a month.  What they found is shocking, but not surprising. 

On average, the computers were attacked every 39 seconds.  As you may guess, they found weak passwords really do make it easier to gain access to computers.  While this may seem like common sense, I believe every organization can attest to the fact that its users frequently adopt passwords that are simply too easy to guess.  The problem is that the average user cannot remember a complex password without writing it down, undermining the very security afforded by the complex password.  There are, of course, ways of creating passwords that are both complex and easy to remember (e.g., splicing two common words together “cat” and “dog” becomes “cdaotg”).  The challenge is getting users to adopt them. 

Unfortunately, unless and until stronger passwords are widely used, the clock will be ticking.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author