Posted on Aug 27, 2018
Take a look at the passwords listed above. Do any of them look familiar? The sad reality is that they might. While overly simple and relatively easy to guess, these were 50 of the most common passwords acquired in a data breach of over 30 million accounts. The 10 most popular options (including “123456” and “123456789”) break a cardinal rule of password setting by not including a combination of letters and numbers.
One of the most common ways hackers gain access to passwords and accounts is called a brute-force attack. This method uses an automated software that checks all of the words in the dictionary and commonly used passwords until it breaks through. Using passwords like “123456” or “qwerty” (if a website will let you) isn’t just discouraged, it could be dangerous.
Thankfully, not all websites will allow users to pick passwords like “123456”, even if they wanted to. Google requires its users to create passwords at least eight characters in length utilizing a combination of letter and numbers. While not required, Google also recommends users include symbols into their account passwords and avoid using personal info or common words.
But is that enough?
Potentially not. In a 2016, Microsoft announced they saw over 10 million username and password “pair attacks” every single day. As a result of their analysis, they suggested reusing passwords should be banned, that longer passwords aren’t always better, and multi-factor authentication may be necessary to fully secure account from compromise.
Even if users are including a mixture of letters, numbers, and symbols in their account passwords, they may still be falling prey to commonly used combinations. This graphic acts as a heat map to identify the characters on the keyboard people reach for the most in building their passwords. Numbers like 0,1, and 2 as well as symbols like the period, underscore, and at symbol (“@“) are still common and could be easily guessed.
Check out our list of 3 top third party risk management (TPRM) challenges, and the actions you can take to bolster your program. Learn more.
Performing cybersecurity risk assessments is a key part of any organization’s information security management program. Read our guide.
Templates and vendor evaluations are needed to level that playing field, in a time efficient and fair way, so that the best vendors are chosen.
Co-founder and CEO, Alex Yampolskiy, speaks about the importance of measuring and acting on key indicators of cybersecurity risk.
You’ve invested in cybersecurity, but are you tracking your efforts? Check out our list of 20 cybersecurity KPIs you should track. Read more.
No waiting, 100% Free
Get your free scorecard and learn how you stack up across 10 risk categories. Answer a few simple questions and we'll instantly send your score to your business email.