While the technology we use is often far from perfect, hence the need for constant security patches and upgrades, most of the major security breaches we’ve seen have been due to human error. One major problem is that people are lazy at creating effective passwords to keep personal and company data. Because we’re expected to memorise each login, many people choose every password that is easy to remember.
A recent analysis by the UK's National Cyber Security Centre (NCSC) found "123456" was the most widely-used password on breached accounts. The study helped to uncover the gaps in cyber-knowledge that could leave people and companies in danger of being exploited. Top of the list was “123456”, appearing in more than 23 million passwords. When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second.
Top Ten Passwords?
- "123456" - 23.2 million
- "123456789" - 7.7 million
- "qwerty" - 3.8 million
- "1111111" - 3.1 million
- "ashley" - 432,276
- "michael" - 425,291
- "superman" - 333,139
- "liverpool" - 280,723
- "pokemon" - 226,947
- "chelsea" - 216,677
Passwords are intended to protect sensitive information from those who want to steal or exploit it. As well as keeping our personal identities and data safe, they’re supposed to save our employers from joining the large list of corporations that suffer the operational and reputational damage caused by hacking.
What Can You Do?
As it’s World Password Day, why not take some time and think of some new and secure passwords to use now or in the future. There are numerous rules people suggest, but here are some of the key points we think everyone should consider.
- Lots of Characters: You need to choose a password that’s long enough. There’s no minimum password length everyone agrees on, but you should generally go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.
- Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.
- Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from dictionary words and obvious combinations. One word or a series of numbers will never be secure enough. For example, “house123” is a poor password. “Redhouse” is also very bad.
- Don’t Rely on Obvious Substitutions: Don’t use common substitutions, either, for example, “H0use” isn’t strong just because you’ve replaced an o with a 0.
Example’s
Try to mix it up whilst keeping it something you can remember.
1. Maybe the first dance at your wedding was “All of Me” by John Legend. The first two lines of the chorus are. “’Cause all of me, Loves all of you…” which can be changed to “CaomLaoy” (the first letter of every word). Combine this with the day and month, creating “23CaomLaoy06” and then add some symbols, “!23Coam, Laoy06”. Now you have a unique, 14-character password.
2. Maybe you’re one of the Top 10 who uses “Liverpool”? Keeping to this theme, you could change to the famous song, You Never Walk Alone and use the first letters again but mix up between caps and lowercase “YnWa”. Add the name of the Stadium, “Anfield” giving you YnWaAnfield and then add some numbers (date you first visited or team player’s shirt number) and some symbols. Giving you “8YnWa_Anfield20!13” – a strong and secure password.
But whatever you do, don’t make it easy, otherwise, you and your company could fall victim to Cyber Crime.