Hackers Delight: Poor Password Security

Uploaded on 2019-04-23 in TECHNOLOGY--Hackers, FREE TO VIEW

Millions of people are using easy-to-guess passwords on sensitive accounts, suggests a study. The analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts.

The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited. The NCSC said people should string three random but memorable words together to use as a strong password.

Sensitive Data
For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used. 

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111. The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts. People who use well-known words or names for a password put themselves people at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.

Hard to Guess
The NCSC study also quizzed people about their security habits and fears. It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.

It found that fewer than half of those questioned used a separate, hard-to-guess password for their main email account.
Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the "single biggest control" people had over their online security.

"We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them," he said.

Letting people know which passwords were widely used should drive users to make better choices, he said. The survey was published ahead of the NCSC's Cyber UK conference that will be held in Glasgow from 24-25 April. 

BBC:

You Might Also Read: 

Identity Management Fundamentals:

 

 

« FBI Believes Russia Hacked Florida Elections
A Cyber Attack On Japan Could Bring The USA To War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BCS, The chartered Institute for IT

BCS, The chartered Institute for IT

BCS provides IT professionals with up to date and relevant certifications enabling them to manage IT security effectively within their budget.

Cynet

Cynet

Cynet simplifies security by providing a rapidly deployed, comprehensive platform for detection, prevention and automated response to advanced threats with near-zero false positives.

Seclore

Seclore

Seclore is the most advanced, secure, and automated Enterprise Digital Rights Management (EDRM) solution available.

Cyber Together

Cyber Together

Cyber Together is dedicated to advancing the cyber security industry by giving businesses access to Israel’s leaders, innovators and great minds in the field of cyber security.

Daon

Daon

Daon offers a universal biometric authentication platform for mobile devices.

Sparta Consulting

Sparta Consulting

Sparta Consulting is an information management and business development full service provider.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

ControlMap

ControlMap

ControlMap is a software as a service platform with a mission to simplify and eliminate stress from everyday operations of modern IT compliance teams.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

Electrosoft Services

Electrosoft Services

Electrosoft provide mature, innovative technology-based services and solutions to power critical IT programs and keep our nation safe from cybersecurity attacks.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

Binalyze

Binalyze

Binalyze is the world's fastest and most comprehensive enterprise forensics solution. Our software helps you to collaborate and complete incident response investigations quickly.

Hush

Hush

Hush is a premium privacy service that gives people unprecedented visibility and control of their digital footprint. Hush assesses threats, and goes to work to eliminate digital risks on your behalf.

Karthik Consulting (KC)

Karthik Consulting (KC)

Karthik Consulting is a technology service provider specializing in IT services for the U.S. federal government.

Soteria Communications

Soteria Communications

Soteria Communications supports clients to prepare for and manage crises, with a focus on cyber incidents.