Another year, another annual password review. Those that follow our blog know, this is something we enjoy (and cringe) at doing each year. Every year we speak in detail about how unreliable passwords truly are, throughout we highlight the worst passwords, whilst reinforcing the fact that passwords remain an increasingly significant point of weakness for personal and business security. With a significant increase in remote workers and the topic of cyber security becoming more prevalent, has 2021 been the year everyone turned their poor password habit’s around? Unfortunately not, Nord VPN has put together the 200 most used passwords and it seems password hygiene is only getting worse.
Looking back at 2020, the top 10 worst passwords included “111111”, “12345” & “password” to name a few. Of last year’s top 10, 8 have managed to keep their positions, with two new additions, “qwerty” at 4th, and “1234567” in 10th place. NordPass and Partners evaluated a 4TB database of passwords that have been leaked in 2021 data breaches. Some of the trends they picked up on included, an increase in people using their own names as a password, Ferrari and Porsche being the most popular car brands when it comes to bad passwords, and for some reason, dolphin is the number one animal-related password.
Furthermore, analysis of the passwords leaked found that yet again, various easy-to-guess combinations of numbers remain as popular as ever. As part of the top 10, 8 of the worst passwords are numbers in easy to remember orders that often follow lines or patterns on a keyboard. So much so that the top 3 worst passwords of 2021 all start with “12345”. What’s more, it would take less than a second for the first 53 passwords in the list to be cracked, with "myspace1" breaking the streak in 54th place, which would take approximately 3 hours if attacked by hackers using a brute-force attack.
We've highlighted the top 10, but please feel free to browse (and judge) the full list here
- 123456
- 123456789
- 12345
- qwerty
- password
- 12345678
- 111111
- 123123
- 1234567890
- 1234567
Research has found that people choose to use these simple, easy to type passwords merely out of convenience. The issue is, if the passwords are simple and easy for you to use, they will be equally as easy for a password cracker to breach. In short, a simple password makes it a lot easier for cyber-criminals to uncover it.
How Can You Stay Secure?
Has your password looked similar to, or appeared on this list? If so, it’s definitely time for you to address your passwords hygiene. A great place to start, is to ensure your passwords are unique and complex to each of your accounts, seems simple right?
These days it feels like everything needs a password. We have passwords for our desktops, email, social media, shopping and almost any other website you’ve needed to make a booking or order through. With so many different accounts needing to be created, it can make you understand why people re-use passwords or use ones that are easy to remember. A study by 'dataprot' has found 51% of people have admitted to using the same password for multiple accounts. This 51% of people are at massive risk, if a cyber-criminal gained access to even one of their accounts, that criminal would subsequently gain access to any other account using that password.
Having your personal accounts and data stolen is undeniably terrible, but when in a business sense the risk of using a weak or redundant password grows massively. Allowing a cyber-criminal to gain access to a work account could lead to data loss and in some cases full data breaches, and with the average cost of a data breach at £3.03 million according to ITpro, this could be fatal to SMEs.
.jpg?width=389&name=dan-nelson-ah-HeguOe9k-unsplash%20(1).jpg)
One of the easiest ways to combat the issue of remembering multiple complex passwords as well as creating them is by using a password manager. A password manager creates a secure repository of your passwords and will also recommend strong passwords for you to use. All you need to do is remember one, complex master password. Many password managers will also automatically fill in your passwords when you arrive at a login page, thus saving you time and logging you in securely.
In addition to using a password manager, we recommend using two-factor authentication to add an extra layer of security to your accounts. For the most part, this involves receiving a code via SMS to your smartphone or through the use of an app that shows you a randomly generated code, but increasingly apps and services are sending a confirmation number to user devices as a notification instead. Some of these will allow you to simply tap the notification to approve the login. The use of biometric scanners such as those for fingerprints and faces are also on the rise. The key here is to reconfirm your identity through a second security layer and make it more difficult for hackers to breach your account.
Conclusion
To some, needing to use a strong and unique password for each of your accounts may feel like common knowledge, but with 262 million people using one of the top 10 passwords, it shows password hygiene may not be as common as some believe. We understand, it feels like everything needs a password in this age. Shopping, email, workstations, and social media are only a few of the many accounts you'll have to make, and coming up with a unique password you'll remember for each one can be difficult. This is most likely why patterns on a keyboard are some of the most common passwords, as they are extremely easy to remember but even easier to crack!
Post pandemic, cyber-crime is at an all-time high, these criminals are taking advantage of the increase in remote workers by launching more phishing attacks than ever. If you allowed yourself to fall victim to a phishing attack, a password cracker could be installed onto your device which will then try thousands of different passwords every second, working from most common to least common. If your password is nonunique or contains common words/names, it will most likely take cyber-criminals less than a few seconds to get into your account.
If you've noticed any of your passwords are either on this list or seem similar, 2022 is the year you take the appropriate steps to better your password security. For instance, using different, complex passwords for each of your accounts and making use of a password manager, as well as turning on two-factor authentication. Making sure of these will reduce the risk of a hacker breaching your accounts and data.
Weak passwords are one of the main causes of a data breach and allowing this to happen can have catastrophic consequences on your business. Do you want to reduce your business exposure but don't know where to start? We're here to help, with over 15 years of experience working with small and large companies, putting the right security solutions in place for them, we could be the trusted MSP your business needs. To find out more, please feel free to contact us on 0330 002 0045 or email enquiries@entrustit.co.uk, to be put in contact with one of our experienced consultants.
