Your name, your date of birth, your pet’s name, your favorite soccer player, a president you don’t see eye to eye with, or the name of your first crush. Are any of these strong enough to guard your most sensitive personal and financial information?
The answer would be an unequivocal “no”.
And yet, a recent survey by Cybernews reveals that these are indeed among the most used weak passwords around the globe. A few creative souls have thrown swear words into the mix as well, which, unfortunately, are just as easy to crack.
So, as we observe World Password Day this May 4th, let’s get serious with our password game.
What is World Password Day?
In his 2005 book Perfect Passwords: Selection, Protection, Authentication, security researcher Mark Burnett first encouraged people to have a “password day,” to update all their important passwords.
Inspired by his idea, Intel Security took the initiative to declare the first Thursday in May as World Password Day in 2013. The day was intended to raise awareness of the importance of strong passwords in securing personal and corporate information.
In the 10 years that followed, the process of securing your data with a password has evolved to include two-factor authentication (2FA) and multi-factor authentication (MFA), promising enhanced security to our digital accounts.
Passwords remain the first line of defense, and as such, good password hygiene is critical for individuals and organizations alike.
What constitutes a weak password?
Every time a device or portal requires you to set a password, the guidelines are displayed for all to see. Still, a shockingly large number of people use easily guessable passwords and reuse the same one across all their devices and accounts.
And thus, our long-gone childhood pets live on in our weak passwords. Or our city of birth makes a flash appearance. Then there are some of us who decorate our idols’ names with a few special characters on either side. And the previously mentioned creative people sprinkle a few numbers in between swear words and call it a day. The least creative ones, though, rely on what’s right in front of them to set a password – the letters on their keyboard, in the very same sequence they occur.
This is how, once and for all, we make lives and jobs easier for threat actors around the globe.
Believe it or not, cyber attackers maintain databases of known and weak passwords that are regularly used. Here is a list of the 10 most common passwords used in India in 2022.
- password – used over 34 lakh times
- 123456 – used over 1.6 lakh times
- 12345678 – used over 1.1 lakh times
- bigbasket – used over 75,000 times
- 123456789 – used over 30,000 times
- pass@123 – used over 20,000 times
- 1234567890 – used over 14,000 times
- anmol123 – used over 10,000 times
- abcd1234 – used over 8,900 times
- googledummy – used over 8,400 times
You may also want to check the top 200 most common passwords across the globe in 2022.
Needless to say, using such weak or known passwords does nothing to protect your digital accounts. It is an open invitation to threat actors to access your personal information and financial data.
Some of the risks associated with weak passwords are:
- Password cracking: Password cracking is a prevalent technique that hackers use to gain unauthorized access to user accounts. It involves the use of automated tools to attempt thousands of possible passwords until the correct one is discovered.
- Brute force attacks: Brute-force attacks are a type of cyberattack that uses automated tools to try all possible combinations of characters until the correct password is discovered.
- Dictionary attacks: Dictionary attacks involve using pre-built lists of commonly used passwords, such as words found in the dictionary, to attempt to gain access to user accounts. They are often effective because many users choose simple and easy-to-guess passwords, such as “password123” or “admin”, which are frequently included in these lists.
- Account takeover: If an attacker gains access to one of a user’s accounts due to password reuse, they may be able to take over other accounts that use the same password. This can be especially dangerous if the user has linked their accounts to financial or sensitive information.
Unique and complex passwords for each of your accounts are the best way to defend against these risks. Most people don’t use complex passwords for the simple reason that they can’t remember them.
Using a password manager can help you generate and store strong passwords for your accounts. Implementing two-factor authentication can also add an extra layer of security to prevent account takeover even if an attacker manages to obtain your password.
What are a few tips to create strong passwords?
- Length: Use a password that is at least 14 characters long. Longer passwords are harder to guess or crack using automated tools.
- Complexity: Use a mix of upper and lower-case letters, numbers, and special characters. Avoid using common words, phrases, or personal information that could be easily guessed, which means avoiding names and anniversary dates.
- Uniqueness: Use a unique password for each account. Avoid reusing passwords across multiple accounts, as this increases the risk of credential stuffing attacks.
- Avoid Dictionary Words: Consider using a password that does not contain dictionary words. Such words are common, and passwords built from them are easily cracked.
- Avoid Patterns: Avoid using patterns in your passwords, such as sequences of numbers or letters. These patterns are easy to guess and may be part of a dictionary attack. In other words, resort to gibberish.
- Use a Passphrase: Consider using a passphrase, which is a longer combination of mismatched words that are easy to remember but hard to guess. For example, “alien grass coffee” follows no pattern and is therefore impossible to guess.
- Use Multi-Factor Authentication: Multi-factor authentication (MFA) requires users to provide one or more verification factors in addition to the username and password to gain access to an application, online account, etc. MFA decreases the likelihood of a successful cyber-attack.
- Use a Password Manager: Consider using a password manager to generate and store strong passwords for your accounts. This can help you avoid the need to remember complex passwords and ensure that you use a unique password for each account.
- Change Your Passwords Regularly: Make it a point, no matter how much hassle it is, to change your password every 30 to 45 days.
- Don’t Share Passwords: In the name of friendships and online streaming services, many of us share passwords among friends and family. Avoid this as much as you can.
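The length, common-password and pattern tips above can be enforced at the moment a password is set. The screening check below is an added example, not code from the original article; it uses the ten passwords listed earlier on this page, and the run length of 4, the substitution table and the function names are assumptions made for illustration.

```python
import re

# The ten most common passwords listed earlier on this page (India, 2022).
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "bigbasket", "123456789",
    "pass@123", "1234567890", "anmol123", "abcd1234", "googledummy",
}
# Keyboard rows and natural sequences, used to spot "walks" such as qwerty or 4567.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "01234567890"]
MIN_LENGTH = 14  # length tip from this page
MIN_RUN = 4      # assumption: flag runs of 4 or more sequential characters
# Assumed substitution table, so that "p@ssw0rd" is compared as "password".
LEET = str.maketrans("@0$3", "aose")


def has_sequence(pw, run=MIN_RUN):
    """True if pw contains `run` consecutive characters of a sequence, in either direction."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + run] in low for i in range(len(s) - run + 1)):
                return True
    return False


def screen_password(pw):
    """Return the tips a candidate password violates; an empty list means it passes."""
    problems = []
    low = pw.lower()
    # Strip digits/symbols decorating either side, then undo substitutions.
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low).translate(LEET)
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if low in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("common password")
    if has_sequence(pw):
        problems.append("sequential pattern")
    if re.search(r"(.)\1{2,}", low):
        problems.append("repeated character")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for candidate in ("##password##2023", "qwertyuiop12345", "alien grass coffee"):
        print(repr(candidate), screen_password(candidate) or "passes")
```

A real deployment would replace the ten-entry set with a full list of known and breached passwords; the check only rejects known-bad choices and does not measure how random a password is.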
Follow these password hygiene tips and you will see that your first line of defense against cyberattacks is strong and reliable. What better way to observe the 10th anniversary of World Password Day than to change your passwords into something complex and uncrackable that no automated tool can hack?