Hackers Delight: Poor Password Security

Millions of people are using easy-to-guess passwords on sensitive accounts, suggests a study. The analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts.

The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited. The NCSC said people should string three random but memorable words together to use as a strong password.

Sensitive Data
For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used. 

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111. The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts. People who use well-known words or names for a password put themselves people at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.

Hard to Guess
The NCSC study also quizzed people about their security habits and fears. It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.

It found that fewer than half of those questioned used a separate, hard-to-guess password for their main email account.
Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the "single biggest control" people had over their online security.

"We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them," he said.

Letting people know which passwords were widely used should drive users to make better choices, he said. The survey was published ahead of the NCSC's Cyber UK conference that will be held in Glasgow from 24-25 April. 

BBC:

You Might Also Read: 

Identity Management Fundamentals:

 

 

« FBI Believes Russia Hacked Florida Elections
A Cyber Attack On Japan Could Bring The USA To War »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

Protection Group International (PGI)

Protection Group International (PGI)

PGI helps organisations and governments to manage digital risk. From cyber security services to business intelligence, we help reduce the risks to your finances, reputation, assets and people.

CryptoCodex

CryptoCodex

Cryptocodex has developed Counter-Fight, the most advanced, yet simple to implement, counterfeit detection system.

SecureAppbox

SecureAppbox

SecureAppbox provide solutions that protects the communication of sensitive data as well as advice on data security and compliance with GDPR.

David Hayes-Export Controls

David Hayes-Export Controls

David Hayes-Export Controls provides assistance to companies affected by export controls or who are considering entering the market but are unsure of the commercial and regulatory implications.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

SafeStack Academy

SafeStack Academy

SafeStack Academy is an online cyber security and privacy education platform. Our content is designed by experts to suit small businesses, growing companies, and development teams.

Infiot

Infiot

Infiot is a pioneer in enabling secure, reliable access with zero trust security, network optimization, edge-intelligence and AI driven operations for all remote users, devices, sites and cloud.

Gem Security

Gem Security

Gem is on a mission to help security operations evolve into the cloud era, and stop cloud threats before they become incidents.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Radius Technologies

Radius Technologies

Radius Technologies is trusted by progressive SMEs to deliver world-class cloud, IT solutions, IT and data security, and telecoms systems.

Cyclops

Cyclops

Cyclops is the first Contextual Search Platform for cybersecurity.

Miggo Security

Miggo Security

Miggo is the first Application Detection and Response (ADR) platform on a mission to stop application breaches.

XONA

XONA

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

Inroad Technologies

Inroad Technologies

Inroad Technologies provide IT services that help keep your business computers, servers and networks secure and trouble-free.

SECTA5

SECTA5

SECTA5 is a cybersecurity company building a next-generation Continuous Threat and Exposure Management platform, leveraging the expertise of offensively trained cyber defenders.