Report exposes common cracks in cybersecurity

CHICAGO -- At the Chicago headquarters of the cybersecurity firm Trustwave, Charles Henderson leads a team of "ethical hackers" whose job it is to expose weaknesses for clients all over the world.

"We attack systems just as these criminals do attempting to find flaws, vulnerabilities," Henderson explained.

According to Trustwave's report detailing hundreds of breaches last year: 95 percent of all mobile apps were vulnerable to attack; 49 percent of all attacks involved theft of identification information and cardholder data; weak passwords led to 28 percent of all cyber breaches; and "password 1" was the most common password.

"It's not ninjas dropping through ceilings," Henderson said. "It's really simple stuff. It's things like passwords that lead to a compromise."

To show how easy it is, Trustwave analyst Garret Picchioni had me enter a seven character password. Using commercial software -- capable of making 81 billion guesses per second -- it only took 37 seconds to crack.

Picchioni says seven or eight character passwords are not safe enough.

"Computer hardware has reached a point where we're able to attack them so quickly that a password that small isn't practical anymore," Picchioni said. "Especially for incredibly sensitive things like financials, online banking."

Trustwave now recommends security phrases. The longer a password is, they say, the harder it is to hack.