The use of free or premium VPNs has become widespread among individuals in just a few years. Between advertising hype and promises of better prices on the Internet, access to video content inaccessible in one's country of origin, or simply an additional layer of protection, the arguments are many. The problem is that while VPNs enhance security by encrypting data and providing a secure connection, they are not free of vulnerabilities. They can be the target of brute-force attacks if the servers are configured to allow an unlimited number of connection attempts.
Renowned VPNs fall victim to intrusion
In a recent study, the Specops research team reveals that 2,151,523 VPN passwords were compromised by malware over the past year. “These are thefts of real passwords, chosen by end users to access VPNs, and they all represent an opportunity for an attacker to gain unauthorized access,” explains the company, which specializes in password security solutions. The top three targeted VPN service providers (ProtonVPN, ExpressVPN, and NordVPN) are three of the most popular and secure VPNs on the market. That hasn’t stopped more than a million Proton VPN users from having their credentials compromised by malware.
For experts, it is “much easier” for cybercriminals to attack customer login credentials than to try to hack the VPNs themselves. Among the most commonly compromised passwords for VPN services, we find some keyboard staples like “12345”, “qwerty” (equivalent to azerty) or even “Admin” and “password”. The “P@ssw0rd” variant is also gaining followers as a way to comply with complexity requirements: generally, a password must now contain an uppercase letter, a number and a special character. The list also includes the terms “protonvpn” and “dyadroid1,” two of the five providers with the most violations. “Some end users clearly just typed the product name as their password,” confides Specops, which stresses the importance for an organization of applying a strict password policy.
A golden rule: choose your password carefully
The most common password was found only 5,290 times (and the very common password “password” only 554 times) in this dataset, the study reveals. This could suggest that users “generally used unique, or even strong, passwords for their VPN credentials”.
For your VPN or any other service requiring a password, remember to follow some best practices:
- Create a password with at least 12 characters
- Use numbers, letters and special characters
- Choose an impersonal password, avoiding your date of birth, a nickname, etc.
- Avoid character sequences like “123456” or “azerty”
- Use unique passwords and a password manager
- Enable two-factor authentication whenever possible
- Remember to renew your passwords regularly
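
The checklist above can be expressed as a password-policy check; the following Python is an added example, not code from Specops or from this article. The blocklist holds the weak passwords quoted in the article, while the substitution table, the keyboard rows and the four-character run length are assumptions.

```python
import string

# Weak passwords and product names quoted in the article.
BLOCKLIST = ("12345", "qwerty", "azerty", "admin", "password",
             "protonvpn", "dyadroid1")
# Assumed table for undoing common character substitutions (P@ssw0rd -> password).
LEET = str.maketrans("@013$5", "aoiess")
# Assumed sequence sources: digits, alphabet, QWERTY and AZERTY top rows.
SEQUENCES = ("0123456789", string.ascii_lowercase, "qwertyuiop", "azertyuiop")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive characters of a known sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):  # forwards and backwards
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def check_password(pw):
    """Return the list of violated rules; an empty list means accepted."""
    problems = []
    if len(pw) < 12:
        problems.append("too short")
    classes = (str.isdigit, str.isalpha, lambda c: c in string.punctuation)
    if not all(any(f(c) for c in pw) for f in classes):
        problems.append("missing character class")
    if has_sequence(pw):
        problems.append("character sequence")
    low = pw.lower()
    # Compare both the raw and the de-substituted form against the blocklist.
    if any(w in low or w in low.translate(LEET) for w in BLOCKLIST):
        problems.append("known weak password")
    return problems


if __name__ == "__main__":
    for sample in ("P@ssw0rd", "MyP@ssw0rd!2024", "protonvpn", "Tr7#mQ9!vLx2Zp"):
        print(sample, "->", check_password(sample) or "accepted")
```

“MyP@ssw0rd!2024” satisfies the length and complexity rules yet is still rejected, which is why a blocklist comparison belongs alongside the complexity requirements.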