Easy-to-Guess Passwords Are Risky

Uploaded on 2021-04-20 in TECHNOLOGY--Resilience, FREE TO VIEW

The British National Cyber Security Centre (NCSC) says that too many people are using easy-to-guess passwords, including their pet's nameThey also commonly use a family members' names, significant dates, their favourite sports team, or even 'Password',  all putting them at risk of their accounts being compromised by cyber criminals.

Cyber security experts are urging people to create harder-to-crack passwords after new research found 15% of British people use their pet’s name as a log-in. The cyber security organisation is asking people to follow best practice by creating passwords using three random words to help better secure their online accounts.

It comes after a survey commissioned by the centre, which is part of GCHQ, found that many people were using passwords made up of things which can be easily predicted – including a pet’s name (15%), the name of a family member (14%), a significant date (13%) or a favourite sports team (6%).

A shocking result of the survey is that a further 6% admitted they used the word “password” as all or part of their password.

The NCSC study also found that more than a quarter of people had set up at least four new password-protected accounts in the last year, which the organisation said further highlighted the importance of using strong passwords, with more data than ever to protect. “We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cyber criminals,” NCSC director for policy and communications Nicola Hudson said. “I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords which recommends using passwords made up of three random words... You can even use our Cyber Action Plan tool to generate tailored, free of charge advice to improve your security against online attacks.”

The NCSC’s Cyber Aware campaign also advises the public to use a strong, separate password for a user’s main email account and to save passwords in a web browser to help with managing them. The National Cyber Security Centre (NCSC) also argues that such passwords can make it easier for hackers to force their way into people’s accounts by simply guessing common pet names.

The NCSC  is advising people to follow ‘best practice’ by creating passwords using three random words to help better secure their online accounts rather than using just two, like ‘maddy_Mijas’ after a cat!

The top of the list of commonly used passwords was 123456, appearing more than 23 million times. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included ‘qwerty’, ‘password’ and 1111111.

The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie. When it comes to Premier League football teams in guessable passwords, Liverpool are ‘champions’ with Chelsea are second, Blink-182 topped the charts of music acts.

NCSC:          Kent Live:      In Your Area:     The Star:      Euro Weekly:    ZDNet

You Might Also Read: 

PIN Authentication Significantly Reduces Cyber Attacks & Data Breaches

 

« Significant Growth In State-Sponsored Cyber Attacks
Darktrace Plans Stock Market Debut »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

MobileIron

MobileIron

MobileIron provides EMM capabilities to IT organizations that need to secure mobile devices, applications and content.

Axiomatics

Axiomatics

Axiomatics provides dynamic authorization and access control solutions to protect critical data assets.

Intezer Labs

Intezer Labs

The only solution replicating the concepts of the biological immune system into cyber-security. Intezer provides enterprises with unparalleled Threat Detection and accelerates Incident Response.

Sysmosoft

Sysmosoft

Sysmosoft specializes in providing highly secured telecommunication solutions for mobile devices for companies requiring protected access to sensitive data remotely.

ECOMPLY

ECOMPLY

ECOMPLY is an all-in-one GDPR Compliance Solution. Efficient data protection management system for businesses and DPOsomply.

DANAK

DANAK

DANAK is the national accreditation body for Denmark. The directory of members provides details of organisations offering certification services for ISO 27001.

HardSecure

HardSecure

Hardsecure supports organizations to face security threats through the adoption of cybersecurity capabilities that guarantee 360º monitoring, visibility, mitigation, and blocking.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

VIRTIS

VIRTIS

VIRTIS' mission is to provide today's leading organizations peace of mind that their entire digital network perimeter is safe from hackers and data breach.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.

SecureLake

SecureLake

SecureLake (formerly Managni) is one of the most trusted US-based IT security and infrastructure companies.

Apex

Apex

We aspire to make the AI revolution run faster, securely, for the benefit of all. We are purposely built for the new AI era and are creating capabilities to safely enable AI.

EyBrids

EyBrids

As a forward-thinking cybersecurity consulting firm, we believe that robust security is the foundation for innovation and growth in today’s digital landscape.