Easy-to-Guess Passwords Are Risky

Uploaded on 2021-04-20 in TECHNOLOGY--Resilience, FREE TO VIEW

The British National Cyber Security Centre (NCSC) says that too many people are using easy-to-guess passwords, including their pet's nameThey also commonly use a family members' names, significant dates, their favourite sports team, or even 'Password',  all putting them at risk of their accounts being compromised by cyber criminals.

Cyber security experts are urging people to create harder-to-crack passwords after new research found 15% of British people use their pet’s name as a log-in. The cyber security organisation is asking people to follow best practice by creating passwords using three random words to help better secure their online accounts.

It comes after a survey commissioned by the centre, which is part of GCHQ, found that many people were using passwords made up of things which can be easily predicted – including a pet’s name (15%), the name of a family member (14%), a significant date (13%) or a favourite sports team (6%).

A shocking result of the survey is that a further 6% admitted they used the word “password” as all or part of their password.

The NCSC study also found that more than a quarter of people had set up at least four new password-protected accounts in the last year, which the organisation said further highlighted the importance of using strong passwords, with more data than ever to protect. “We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cyber criminals,” NCSC director for policy and communications Nicola Hudson said. “I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords which recommends using passwords made up of three random words... You can even use our Cyber Action Plan tool to generate tailored, free of charge advice to improve your security against online attacks.”

The NCSC’s Cyber Aware campaign also advises the public to use a strong, separate password for a user’s main email account and to save passwords in a web browser to help with managing them. The National Cyber Security Centre (NCSC) also argues that such passwords can make it easier for hackers to force their way into people’s accounts by simply guessing common pet names.

The NCSC  is advising people to follow ‘best practice’ by creating passwords using three random words to help better secure their online accounts rather than using just two, like ‘maddy_Mijas’ after a cat!

The top of the list of commonly used passwords was 123456, appearing more than 23 million times. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included ‘qwerty’, ‘password’ and 1111111.

The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie. When it comes to Premier League football teams in guessable passwords, Liverpool are ‘champions’ with Chelsea are second, Blink-182 topped the charts of music acts.

NCSC:          Kent Live:      In Your Area:     The Star:      Euro Weekly:    ZDNet

You Might Also Read: 

PIN Authentication Significantly Reduces Cyber Attacks & Data Breaches

 

« Significant Growth In State-Sponsored Cyber Attacks
Darktrace Plans Stock Market Debut »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

inBay Technologies

inBay Technologies

inBay Technologies' idQ Trust as a Service (TaaS) is a unique and innovative SaaS that eliminates the need for user names and passwords.

Kobil Systems

Kobil Systems

Kobil is a pioneer in the fields of smart card, one-time password, authentication and cryptography.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

CYSEC NG

CYSEC NG

Cyber Security Challenge Nigeria Initiative (CYSEC NG) is the first, and largest offensive premier Cyber Conference and Hacking event in Africa.

Fiserv

Fiserv

Fiserv offers a wide array of Risk & Compliance solutions to help you prevent losses from fraud and ensure adherence to regulatory and compliance mandates.

Wayra

Wayra

Wayra connects Telefónica and technological disruptors around the world. As their preferred strategic partner, we scale them up to accelerate their business and ours.

Audea

Audea

Audea is a consultancy firm specialising in cybersecurity, risk and compliance. We provide professional services addressing all areas of Cybersecurity and GRC.

CerraCap Ventures

CerraCap Ventures

CerraCap Ventures invest globally into early-stage B2B companies in Healthcare, Enterprise AI and Cyber Security.

Eurotech

Eurotech

Eurotech provides Edge Computers and IoT solutions. We help to connect your assets and make them smarter through secure and agnostic hardware and software technologies.

Dataminr

Dataminr

Dataminr Pulse helps organizations strengthen business resilience with AI-powered, real-time risk and event discovery—and the integrated tools to manage responses.

Closed Door Security

Closed Door Security

Closed Door Security is the only cybersecurity team in the north of Scotland offering everything from IASME Certification to CREST-Accredited penetration testing.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.

Apex iQ (ApexiQ)

Apex iQ (ApexiQ)

ApexiQ is a continuous asset assurance platform that empowers you with the confidence to make better data-driven decisions and take automated action to reduce your risk.