World Password Day and Oracle Security
The purpose of World Password Day is a call to get people to stop treating passwords as the perimeter to systems, to shift to identity as the perimeter, and to reduce reliance on passwords. Use passphrases that are more than 25 characters, start to adopt MFA and passkeys, and make behaviour and risk part of the logon process.
A good example in Oracle would be to use a logon trigger, or audit trails with reporting and analysis, to show patterns of who connects, from where, when and with what.
Obviously, in Oracle, implement password profiles and a verify function. MFA in the same way as Twitter or Facebook or LinkedIn or ..., where you are sent a text, is possible with various features from Oracle that cost extra, but from 23.9 RU and 19.28 MFA is supported from the database as a core feature.
You can / could create a sort of MFA in the standard database by using various factors to check that the user not only has the password but also conforms to other factors such as program, location, ... I know this is not MFA, but we could verify a user on more than just the password. If we create a logon trigger then these factors can be tested.
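A sketch of such a logon trigger, added here as an example and not code from the original post. The `sec_admin` schema, the `logon_policy` table, the `APP_USER` account and the sample rule are hypothetical, and it assumes a release where `SYS_CONTEXT('USERENV', 'CLIENT_PROGRAM_NAME')` is available.

```sql
-- Added example: all object names and the sample rule are hypothetical.
-- One row per permitted combination of factors for a database user.
CREATE TABLE sec_admin.logon_policy (
  username    VARCHAR2(128) NOT NULL,
  ip_address  VARCHAR2(45)  NOT NULL,  -- expected client IP, or 'LOCAL'
  program     VARCHAR2(128) NOT NULL,  -- LIKE pattern, upper case
  start_hour  NUMBER(2)     NOT NULL,  -- inclusive, 0-23
  end_hour    NUMBER(2)     NOT NULL   -- exclusive, 1-24
);

-- Constructed sample rule: APP_USER only from the app server,
-- only via the JDBC thin driver, only between 07:00 and 19:00.
INSERT INTO sec_admin.logon_policy
VALUES ('APP_USER', '192.0.2.10', 'JDBC THIN CLIENT%', 7, 19);
COMMIT;

-- The trigger owner needs the ADMINISTER DATABASE TRIGGER privilege.
CREATE OR REPLACE TRIGGER sec_admin.check_logon_factors
AFTER LOGON ON DATABASE
DECLARE
  l_user    VARCHAR2(256) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  -- IP_ADDRESS is NULL for local (bequeath) connections.
  l_ip      VARCHAR2(256) := NVL(SYS_CONTEXT('USERENV', 'IP_ADDRESS'), 'LOCAL');
  -- The program name is supplied by the client, so treat it as a weak factor.
  l_program VARCHAR2(256) := UPPER(SYS_CONTEXT('USERENV', 'CLIENT_PROGRAM_NAME'));
  l_hour    PLS_INTEGER   := TO_NUMBER(TO_CHAR(SYSDATE, 'HH24'));
  l_rules   PLS_INTEGER;
  l_matches PLS_INTEGER;
BEGIN
  -- Count this user's rules and how many of them the session satisfies.
  SELECT COUNT(*),
         COUNT(CASE WHEN ip_address = l_ip
                     AND l_program LIKE program
                     AND l_hour >= start_hour
                     AND l_hour <  end_hour
                    THEN 1 END)
    INTO l_rules, l_matches
    FROM sec_admin.logon_policy
   WHERE username = l_user;

  -- Users with no rules are not restricted; users with rules must match one.
  IF l_rules > 0 AND l_matches = 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Logon denied by policy');
  END IF;
END;
/
```

An exception raised in a logon trigger does not stop users who hold ADMINISTER DATABASE TRIGGER (DBAs, for example) from connecting, so those accounts need other controls, and the audit trail should still be reviewed for denied attempts.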
My experience over many years is that Oracle databases, when reviewed, often do not have password profiles, verification functions or strong passwords. I have also seen passwords that have not changed in years and, not many but some, that have not changed for decades.
Trevor, who I have known for many years, has set up a password quiz to coincide with World Password Day. He has already had some people take part, and he is looking to report any differences between the UK/EU and USA and also between younger and older people.
Please do the quiz if you have time; it's simple and quick but should provide valuable insights. Trevor will analyse the results and show them on his site, and I will share some of the analysis here once it is available.

