
Are you still using the default password that came with your point of sale (POS) or payment system? Or are you using 12345 or password1? If so, you need to change it right away to help protect cardholder data. Default passwords that were never changed are one of the easiest ways for criminals to sneak in and access information, and passwords that are too simple make it just as easy for data thieves to break in. And we all know the low-hanging fruit always gets tapped first.
Today ‘password’ is still THE most common password used. And in 2012 Verizon reported that nearly 80 percent of breaches of confidential consumer information involved compromised passwords.
The idea of changing your passwords may be overwhelming. You want it to be something easy for you and for your employees to remember, while also keeping unwanted predators out. Complex passwords don’t have to be complicated. Look at the chart below:
| Password | Time to Crack |
| --- | --- |
| bigmac | 0.077 seconds (not a dictionary word) |
| B1gMac | 14 seconds (uppercase, lowercase, number) |
| B1gMac1 | 14 minutes (7 characters) |
| leB1gMac | 15 hours (8 characters) |
| B1gMac399 | 39 days (9 characters) |
| B1gMacfries | 412 years (11 characters) |
| Bigmacandfries | 511 years (14 characters, but only letters) |
| B1gMac&fries | 344,000 years (12 characters) |
As you can see, just adding a number or capitalization, or both, can make a huge difference. Take one step closer to protecting your customers’ payment data and change your passwords now.
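The effect the chart describes can be checked before a password is accepted on a POS or payment system. The sketch below is an added example, not a PCI Council tool: it rejects the weak values named above and estimates the exhaustive-search space from length and character classes. The guess rate and the function names are assumptions, so its times will not reproduce the chart's figures.

```python
import math
import string

# The weak values this article names; pass real vendor defaults in separately.
DENYLIST = {"password", "password1", "12345"}
GUESSES_PER_SECOND = 1e9  # assumption: offline guessing rate, tune to your threat model

def charset_size(pw):
    """Size of the alphabet implied by the character classes present."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def worst_case_seconds(pw, rate=GUESSES_PER_SECOND):
    """Upper bound for blind brute force; dictionary-based guessing is faster."""
    if not pw:
        return 0.0
    return charset_size(pw) ** len(pw) / rate

def review(pw, vendor_defaults=()):
    """Return findings plus the search-space estimate for one candidate."""
    findings = []
    if not pw:
        findings.append("empty password")
    if pw.lower() in DENYLIST or pw in vendor_defaults:
        findings.append("default or commonly used password")
    if pw.isalpha():
        findings.append("letters only")
    size = charset_size(pw)
    bits = len(pw) * math.log2(size) if size else 0.0
    return {"findings": findings, "bits": round(bits, 1),
            "worst_case_seconds": worst_case_seconds(pw)}

if __name__ == "__main__":
    # Constructed samples taken from the chart and the opening paragraph.
    for candidate in ["password1", "bigmac", "B1gMac", "B1gMac&fries"]:
        print(candidate, review(candidate))
```

Treat the estimate as a ceiling: a password built from a known word with predictable substitutions falls to wordlist guessing well before the full search space is exhausted.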
When it comes to protecting your customers’ payment data, good password security is important. Check out this new infographic and video from the PCI Council and pass them along to your business partners and customers to help us raise awareness around payment card security. To learn more about the PCI Standards and other resources for payment data protection, please visit www.pcisecuritystandards.org.
For past webinars on PCI standards and more, visit the HFTP ProLinks Webinar page and log in to gain access to the webinar archive. For additional PCI Compliance resources, visit the PCI Resources page on the HFTP web site.
Bob Russo, the General Manager of the PCI Security Standards Council, works with representatives from American Express, Discover, JCB International, MasterCard, and Visa Inc. to drive awareness and adoption of the PCI Data Security Standard. Russo brings more than 35 years of high-tech business management, operations, and security experience to the PCI Security Standards Council.