This Thursday is World Password Day, a day where we reflect on the current state of our online security habits, particularly how we choose and manage our passwords. While we frequently discuss sophisticated cybersecurity measures such as Managed Detection and Response or Digital Risk Protection—both crucial in their own right—we mustn’t forget the basics like how to create a strong password.
The message still isn’t getting through
It's clear that the message hasn’t gotten through: yet again, for the nth year in a row, the most used password is 123456789. It’s a password so weak that hackers can crack it faster than you can blink.
Looking at the latest list is a bit depressing as most haven’t changed in over a decade despite repeated warnings from cyber security experts.
While days like this are important for raising awareness amongst the public, businesses should treat every day as password day!
If your password features on this list, the stark reality is that you are incredibly vulnerable to being hacked.
The Persistence of Weak Passwords
Despite the years of warnings and advice from cyber security experts, the message is clearly falling on deaf ears. Here are a few insights from the top ten most common passwords of 2024:
- Overuse of Simple Sequences: Passwords like "password", "123456", and "qwerty" remain popular despite their obvious risks.
- Familiar Patterns: Many still use easily guessable patterns, such as "111111" or "abc123".
- Personal Information: Using easily accessible personal data (like birthdates, names, or even company names) is common and dangerous.
This list is not just frustrating; it's a serious concern for everyone, especially those in the cyber security field. Cyber criminals have evolved a lot in recent years, often using increasingly sophisticated attack methods, but many still get results from the most basic of strategies, i.e. guessing weak passwords.
What Makes a Password Effective?
Contrary to what many believe, a strong password isn't just about complexity—it's about unpredictability and length. Cyber attackers are well-versed in common substitution tricks (like replacing 'i' with '1' or '!'). Instead, a robust password should be:
- Long and Memorable: Combine random words to create a password, like "bru55elssproutsAREfoul", which is easier to remember and harder to crack.
- Uncommon: Avoid common phrases, sequences, or personal information.
- Supported by Tools: Consider using a password manager to generate and store complex passwords securely.
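A screening check for the properties listed above, as an added example that is not part of the original article: it undoes common character substitutions before comparing against a denylist built from the weak passwords this article names, and also flags short passwords, simple sequences and personal terms. The 12-character minimum, the substitution map and the function names are assumptions made for illustration.

```python
# Constructed sample denylist: the weak passwords named in this article.
# A real deployment would load a full breached-password list instead.
COMMON = {"password", "123456", "123456789", "qwerty", "111111", "abc123"}

# Undo substitutions attackers already try ('1' or '!' for 'i', and so on).
DELEET = str.maketrans({"1": "i", "!": "i", "0": "o", "3": "e", "4": "a",
                        "@": "a", "5": "s", "$": "s", "7": "t"})

# Keyboard rows, the alphabet and the digit row, used to spot simple runs.
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz", "01234567890")

MIN_LENGTH = 12  # assumed threshold, not taken from the article


def is_sequence(pw):
    """True if pw is one repeated character or a forward/backward run in ROWS."""
    low = pw.lower()
    if len(set(low)) == 1:
        return True
    return any(low in row or low in row[::-1] for row in ROWS)


def screen_password(pw, personal_terms=()):
    """Return the reasons to reject pw; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    deleeted = low.translate(DELEET)  # e.g. "p@55w0rd" -> "password"
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if low in COMMON or deleeted in COMMON:
        reasons.append("common password")
    if is_sequence(pw):
        reasons.append("simple sequence")
    # personal_terms: names, birth years, company name (supplied by the caller)
    if any(t and (t.lower() in low or t.lower() in deleeted) for t in personal_terms):
        reasons.append("contains personal term")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456789", "P@55w0rd", "bru55elssproutsAREfoul"):
        print(candidate, "->", screen_password(candidate) or "ok")
```
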
Other tips for improving your passwords include:
- change an old password to a long, strong one
- turn on two-factor authentication for your important accounts
- password protect your wireless router
- don't store passwords on your computer or phone
- log off when you're done with a program
- periodically remove temporary internet files
The Real-World Consequences of Weak Passwords
For businesses, particularly small ones, the repercussions of a security breach can be devastating—financially and reputationally. Yet, these risks can be mitigated through effective password management and good cyber hygiene practices.
As digital footprints expand, so does the responsibility to protect our online presence. This World Password Day, commit to better password practices. It's not just about avoiding being hacked; it's about safeguarding against increasing cyber threats. If your organisation needs help improving its cyber security, get in touch with our experts.