Hackers' Delight: Poor Password Security

Millions of people are using easy-to-guess passwords on sensitive accounts, suggests a study. The analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts.

The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited. The NCSC said people should string three random but memorable words together to use as a strong password.

Sensitive Data
For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used. 

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111. The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts. People who use well-known words or names for a password put themselves at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.

Hard to Guess
The NCSC study also quizzed people about their security habits and fears. It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.

It found that fewer than half of those questioned used a separate, hard-to-guess password for their main email account.

Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the "single biggest control" people had over their online security.

"We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them," he said.

Letting people know which passwords were widely used should drive users to make better choices, he said. The survey was published ahead of the NCSC's Cyber UK conference that will be held in Glasgow from 24-25 April. 

BBC:
