Interesting real-world data pertaining to password security has emerged recently, once again shedding light on the importance of having strong password policies in place at your organization. That doesn't stop at, for example, requiring a minimum password length; it also means reminding end users to be careful about both surrendering and reusing passwords too readily.
The first set of data came from Amit Klein, CTO of Trusteer. He wrote about a study that found about 50 percent of phishing victims give up their password credentials within the first 60 minutes of a phishing attack's launch, and 80 percent of stolen credentials are taken within the campaign's first five hours. Given the way most of us hover around our email clients and smartphones, this doesn't seem all that far off. I mean, if you're going to be fooled, why would you wait a few days before responding to that emergency message "trying to protect you"?