So, SplashData's latest list of the most commonly used passwords makes for some pretty depressing reading, as 123456 took the number 1 spot yet again in 2018.
The annually published list, which is created from several million passwords leaked by hackers, shows that people are still using passwords that can be cracked almost instantly.
The top ten list of the most commonly used passwords makes for some pretty frustrating reading for those of us working in the cybersecurity sector. Prepare to bang your head repeatedly against your desk in despair.
*List compiled by SplashData. Read the full list at https://www.teamsid.com/100-worst-passwords/
Every year the cybersecurity industry gives out advice and information on how to make strong and effective passwords but (again) it seems as though the advice is still being ignored by many.
The average person’s online footprint is a lot bigger than it was just a few years ago. With online shopping, banking and other services continuing to grow in popularity, the need to use a different password for each account has increased.
Unfortunately, human beings are inherently lazy, and instead of creating unique passwords for every account we use, we often reuse the same one over and over or, thinking we're clever, merely add a number to the end of it.
Organisations are often guilty of poor password management too, with many companies allowing multiple people access to their internal systems and, in some cases, social media accounts. For ease of use, they may often use a password that includes the company name followed by a number or symbol. These passwords are very easy to break and can leave organisations exposed to insider threats, vandalism and reputational damage.
When creating a password, you need to ensure that it is both easy for you to remember and difficult for a hacker to crack. One of the best ways is to use three random words and a combination of numbers and symbols.
It may be tempting to use words that mean something special to you, such as a pet’s name or your favourite sports team. You should avoid these if possible. Social accounts can often give away clues to the things you like the most, so don’t use names that can easily be gleaned from your social profiles. An excellent way to stop this is to ensure that your social media profiles are set to private so that only the people you know and trust can see them.
Don’t use the following in your passwords: your partner’s name, child’s name, pet’s name, place of birth, favourite holiday destination or favourite sports team.
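The advice above (no company name followed by a number or symbol, no personal names, no reused password with a number added) can be written as a screening check at password-set time. This is an added example, not code from SplashData, the NCSC or CyberScore; the denylist, the term lists and the function names are constructed for illustration.

```python
import re

# Constructed sample denylist; "123456" is the entry the article names.
# In practice, load a full leaked-password list instead.
COMMON = {"123456", "password", "qwerty", "letmein"}

# Digits/symbols appended to a base word, e.g. "1", "2018!", "#".
_SUFFIX = re.compile(r"[\d\W_]+$")
# Small, assumed map of character substitutions to undo before comparing.
_LEET = str.maketrans("01345$@", "oieassa")


def normalise(text):
    """Lower-case, drop appended digits/symbols, undo simple substitutions."""
    return _SUFFIX.sub("", text.lower()).translate(_LEET)


def _hits(base, terms):
    """True if any term (3+ characters after normalising) appears in base."""
    return any(len(n) >= 3 and n in base for n in map(normalise, terms))


def check_password(pw, org_terms=(), personal_terms=(), previous=()):
    """Return the reasons a candidate password is weak (empty list = none found).

    org_terms:      company or product names
    personal_terms: partner, child and pet names, birthplace, sports team...
    previous:       the user's earlier passwords, if the caller holds them
    """
    base = normalise(pw)
    reasons = []
    if pw.lower() in COMMON or base in COMMON:
        reasons.append("common")
    if _hits(base, org_terms):
        reasons.append("organisation name")
    if _hits(base, personal_terms):
        reasons.append("personal detail")
    # Same base word as an old password, only the appended number changed.
    if base and any(normalise(p) == base for p in previous):
        reasons.append("reuse with suffix change")
    return reasons
```
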
The NCSC provides some excellent advice on password creation - https://www.ncsc.gov.uk/guidance/password-collection - and on the benefits and negatives of using a password manager - https://www.ncsc.gov.uk/blog-post/what-does-ncsc-think-password-managers
By using CyberScore™, you can identify weak or default passwords being used on your networks. With regular scans, you can easily see which areas are being ‘protected’ by weak passwords, allowing you to remediate them and reduce the threats.
Want to know more about CyberScore™? Visit https://xqcyber.com/contact/take-a-look-at-cyberscore