Hackers' Delight: Poor Password Security

Millions of people are using easy-to-guess passwords on sensitive accounts, suggests a study. The analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts.

The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited. The NCSC said people should string three random but memorable words together to use as a strong password.

Sensitive Data
For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used. 

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111. The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts. People who use well-known words or names for a password put themselves at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.

Hard to Guess
The NCSC study also quizzed people about their security habits and fears. It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.

It found that fewer than half of those questioned used a separate, hard-to-guess password for their main email account.

Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the "single biggest control" people had over their online security.

"We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them," he said.

Letting people know which passwords were widely used should drive users to make better choices, he said. The survey was published ahead of the NCSC's Cyber UK conference that will be held in Glasgow from 24-25 April. 
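The two pieces of advice above, screening out widely used passwords and stringing three random words together, can be sketched as follows. This is an added example, not code from the NCSC or the original article; the deny-list holds only the strings the article names, and the 32-word list and function names are constructed for illustration.

```python
import math
import secrets

# Constructed deny-list from the strings and names the article cites.
# A real deployment would load a full breached-password corpus instead.
COMMON_STRINGS = {"123456", "123456789", "qwerty", "password", "1111111"}
GUESSABLE_WORDS = {"ashley", "michael", "daniel", "jessica", "charlie",
                   "liverpool", "chelsea", "blink182"}

# Constructed 32-word sample; a real generator needs thousands of words.
SAMPLE_WORDS = (
    "amber", "basket", "candle", "dolphin", "ember", "falcon", "garden", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nectar", "orchid", "pebble",
    "quartz", "ribbon", "saddle", "timber", "umbrella", "velvet", "walnut", "yonder",
    "zephyr", "anchor", "bramble", "copper", "drizzle", "feather", "glacier", "hammock",
)


def screen_password(candidate):
    """Return a rejection reason, or None if the candidate passes the screen."""
    lowered = candidate.strip().lower()
    if lowered in COMMON_STRINGS:
        return "one of the most common breached passwords"
    # Drop punctuation, then trailing digits, so 'Liverpool1!' and
    # 'Blink-182' are caught as well as the bare word.
    alnum = "".join(ch for ch in lowered if ch.isalnum())
    if alnum in GUESSABLE_WORDS or alnum.rstrip("0123456789") in GUESSABLE_WORDS:
        return "a common name, football team or band"
    return None


def three_random_words(wordlist=SAMPLE_WORDS, count=3, sep="-"):
    """Pick words with a CSPRNG; human-chosen 'random' words are not random."""
    return sep.join(secrets.choice(wordlist) for _ in range(count))


def passphrase_entropy_bits(wordlist_size, count=3):
    """Guessing cost in bits if the attacker knows the list and the scheme."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ("123456", "Liverpool1!", "Blink-182", three_random_words()):
        print(f"{pw!r}: {screen_password(pw) or 'accepted'}")
    # The sample list is far too small; entropy grows with wordlist size.
    print(f"{passphrase_entropy_bits(len(SAMPLE_WORDS)):.1f} bits from 32 words")
    print(f"{passphrase_entropy_bits(7776):.1f} bits from a 7776-word list")
```

The entropy figures show why the size of the word list matters: three words drawn from the 32-word sample give only 15 bits, so the sample list is for demonstration only.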

BBC:
